[windows2000] Re: Off Topic: HIPAA - my brain hurts

  • From: Angus Macdonald <Angus.Macdonald@xxxxxxxxxxxxxxxxxxx>
  • To: windows2000@xxxxxxxxxxxxx
  • Date: Wed, 23 Apr 2003 10:33:29 +0100

Set up a little demonstration for the so-called programmer and show him just
how easy it is to get all the passwords from the table. In fact, show as
many people as you can - at least one of them should be his manager - and
see how quickly he (or she) is forced to do a proper job.

-----Original Message-----
From: Greg Reese [mailto:GReese@xxxxxxxxxxxxxxxx]
Sent: 22 April 2003 20:31
To: thin@xxxxxxxxxxxxx; windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Off Topic: HIPAA - my brain hurts 



Sorry for the off topic post but after spending a few hours going
through the Federal Register I am a little fried.

I am trying to find something in the HIPAA rules that spells out what
makes an application "HIPAA Compliant" or not.  Mainly, I am trying to
settle a dispute with a programmer.

The programmer has a user table that has all the users and passwords in
it for his application.  He stores the password in this table as clear
text.  Because he lets the users click on their user id from a list, all
users have read access to this table.  That means anybody that wanted to
could use Access or something and read the table and learn everyone's
password for this app.  This is not my AD security.  Only application
specific security.  He also gives them no way to change their password.
They have to call me and tell me what to change it to.  I don't want to
know their passwords and think this is a bad idea too.

I think keeping a password as clear text is poor programming technique,
reckless/stupid, and does not meet the specifications for patient
confidentiality required by HIPAA.

I need to show my bosses something that says as much in the HIPAA regs.
They're backing me up (which is nice) but the programmer insists this is
accepted practice and is ok to do.  I have done some digging in the
HIPAA standards but the parts that aren't confusing as hell put me to
sleep.

Has anyone been through any of this that could point me to the right
place?

Thanks!


Greg

==================================
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm
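As an added illustration (not code from either poster or from the application Greg describes), this is what the user table could hold instead of clear text: a per-user random salt and a PBKDF2 hash, so that reading the table no longer reveals any password, plus a self-service password change so the admin never has to know one. The in-memory table, user ids and passwords below are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the application's user table. In the thread every
# user can read this table; the point is that what sits in it is a salted
# hash, so reading it does not give away anyone's password.
USER_TABLE: dict[str, dict[str, bytes]] = {}

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor; raise it over time


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, salted one-way hash of a password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def set_password(user_id: str, password: str) -> None:
    """Store a fresh random salt and the derived hash; never the password."""
    salt = os.urandom(16)
    USER_TABLE[user_id] = {"salt": salt, "hash": _derive(password, salt)}


def verify_password(user_id: str, password: str) -> bool:
    """Check a login attempt in constant time against the stored hash."""
    row = USER_TABLE.get(user_id)
    if row is None:
        # Do the same work for an unknown user so timing does not reveal
        # whether the id exists.
        _derive(password, b"\x00" * 16)
        return False
    return hmac.compare_digest(_derive(password, row["salt"]), row["hash"])


def change_password(user_id: str, old: str, new: str) -> bool:
    """Let the user change their own password; no admin involvement needed."""
    if not verify_password(user_id, old):
        return False
    set_password(user_id, new)
    return True


def list_user_ids() -> list[str]:
    """All the login form's drop-down needs: ids only, no credential columns."""
    return sorted(USER_TABLE)
```

Hashing limits the damage if the table stays world-readable; the other half of the fix is to give the login form a view or query that exposes only the user id column, so the credential columns are not readable by every user in the first place.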
