Q

Using social security numbers for authorizing access

I am a senior security analyst in a large health care software company. I have a user that was using FTP to connect to a client, server to server. The client requested the user's social security number in order to allow access. This was because (the client said) of HIPAA (and RACF Mainframe Security)restriction. Any thoughts on this scenario?
If I understand your question correctly, I'm not aware of any HIPAA mandate that states a social security number must be used for client access. If anything, HIPAA mandates protecting SSNs and requires the minimum amount of protected health information necessary to get the job done. This can be used, but if it is determined during a risk assessment that threats or vulnerabilities exist in transmitting a SSN (or any confidential info) across a FTP, or any data communications, session, then certain systems must be in place to protect that information (i.e. encryption, authentication, etc.).


For more information on this topic, visit these other SearchSecurity.com resources:
  • Best Web Links: Health Care/Health Services Security
  • Ask the Expert: Encrypting e-mail and what is considered confidential under HIPAA
  • Ask the Expert: HIPAA compliance for company building health care application


  • This was first published in March 2003

    Dig deeper on Web Authentication and Access Control

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close