As opposed to focusing on the audit and specifically on whether something is compliant, I tend to favor using a
good dose of common sense. For better or worse, the SSN is a major piece of data used to perpetrate identity theft. Thus, even though it may not be specifically against the regulation, it doesn't make a lot of business sense to use the SSN in that context. Using Social Security numbers indicates a general disdain for patient privacy, one that may result in customers or patients taking their business elsewhere.
Dig deeper on HIPAA
Related Q&A from Mike Rothman, Contributor
In the world of security certifications, what is the GISP and how alike is it to the CISSP? In this security management expert response, learn about ...continue reading
Depending on your enterprise, it may or may not be necessary to utilize a QSA. In this security management expert response, learn how to determine ...continue reading
When developing software securely, what role does gap analysis play? In this security management expert response, learn how to implement gap analysis...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.