Home page logo
/

basics logo Security Basics mailing list archives

Re: Risk of using SS#s (last 4 digits) for authentication
From: "Margles Singleton" <MarglesSingleton () firsthealth com>
Date: Mon, 04 Nov 2002 16:40:01 -0600

I believe there are regs disallowing the use of the SSN in California. 


mas

"Jim Lawton" <jblii () hotmail com> 11/02/02 09:59AM >>>
We are currently considerring the limited use of employee's Social
Security 
numbers to authenticate them when they request a password reset from
the 
Help Desk.  We have chosen two items (in total) for authenticating
them: 
their employee # and the last 4 digits of their SS#.  Only the last 4
digits 
would be stored in the Help Desk app, and these would be viewable only
by 
Help Desk technicians.  They would only be able to see them by
selecting a 
specific toolbar button (the SS# screen would not visible at all
times).

We are concerned with the privacy issue potential if we use any part of
a 
SS# but are unaware of any legal precedent, standard or guideline
either 
supporting or against this use.  Does anyone have knowledge they can
share, 
or know of web resources that might be useful to research this issue?

We are a corporation of roughly 1200 specializig in healthcare, and
HIPAA 
privacy/security regs, NCQA and URAC acredidations must be taken into 
consideration.

Thanks in advance for any suggestions or information.

JBL




_________________________________________________________________
Surf the Web without missing calls! Get MSN Broadband. 
http://resourcecenter.msn.com/access/plans/freeactivation.asp 




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]