Re: Dsniff/mailsnarf
On Tue, Feb 24, 2004 at 06:19:48PM -0500, John Keimel wrote:
> On Tue, Feb 24, 2004 at 06:11:20PM -0500, tps@unslept.com wrote:
> > I've been asked to place a sniffer on a network that handles HIPPA data,
> > and watch for e-mail containing certain strings. I figured that mailsnarf
> > would be the best way to do this.
> >
> Aside from any of hte technical details of this, I'm kind of wondering
> how this fits into HIPPA and it's policies.
Certain info has to be protected.
> I'd be sure that if I were you, I'd have written evidence of someone (a
> boss/supervisor/etc) ordering this kind of behaviour and also my
> objection to sniffing data that might be confidential under HIPPA.
I have a very nice contract, complete with a very detailed scope of work,
which my lawyer has OKed.
> This just sounds wrong all around. I'd suggest significant amount of
> C.Y.A. activity on your part.
There's no CYA. I'm being asked to verify that there is no HIPPA
information that is leaving the site, accidentally or otherwise. There
is a nice defined set of keywords that would be used in any of the
documentation (it's a testing Lab). If the capture file size *ever*
goes above 0 bytes, they have a problem. That's all I'm involved with.
I want *nothing* to do with the actual data. I'm just setting up a
system that will notify certain people if there is a 'leak', and
they can go in and figure out what happened.
Tim
--
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>> Tim Sailer (at home) >< Coastal Internet, Inc. <<
>> Network and Systems Operations >< PO Box 726 <<
>> http://www.buoy.com >< Moriches, NY 11955 <<
>> tps@unslept.com/tps@buoy.com >< (631)399-2910 (888) 924-3728 <<
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Reply to: