On Tue, Feb 24, 2004 at 06:11:20PM -0500, tps@unslept.com wrote:
I've been asked to place a sniffer on a network that handles HIPPA data,
and watch for e-mail containing certain strings. I figured that mailsnarf
would be the best way to do this.
Aside from any of hte technical details of this, I'm kind of wondering
how this fits into HIPPA and it's policies.
I'd be sure that if I were you, I'd have written evidence of someone (a
boss/supervisor/etc) ordering this kind of behaviour and also my
objection to sniffing data that might be confidential under HIPPA.
This just sounds wrong all around. I'd suggest significant amount of
C.Y.A. activity on your part.
Good luck.
*shakes head*
Sorry I can't be more helpful otherwise.