anything i can do?

During my I.S. staff meeting yesterday, where we were discussing
guarding patient privacy/confidentiality (I work at a hospital)…my
supervisor asked if the new privacy laws covered employees. “Why do you
ask?” we ask her. She mentions that she sends an UNENCRYPTED file
containing hospital employee names, addresses, social security numbers,
and earning info via email to an accounting firm every quarter. WTF?!?!
OMG I was so pissed to hear of this. Yet…I don’t think there are
laws against this stupid place doing this. Are there? Is there
ANYTHING I can do to stop my employer from sending this shit without
protecting it?

I am pushing for us to start using encryption, but in the meantime I
want this to STOP right f’ing NOW.

Re: anything i can do?

What is your position at the company? Can you actually do anything to
the servers to force encryption of email?

I don’t think there are any laws about email specifically, but there ARE
confidentiality laws…

-Deborah- wrote:
> During my I.S. staff meeting yesterday, where we were discussing
> guarding patient privacy/confidentiality (I work at a hospital)…my
> supervisor asked if the new privacy laws covered employees. “Why do you
> ask?” we ask her. She mentions that she sends an UNENCRYPTED file
> containing hospital employee names, addresses, social security numbers,
> and earning info via email to an accounting firm every quarter. WTF?!?!
> OMG I was so pissed to hear of this. Yet…I don’t think there are
> laws against this stupid place doing this. Are there? Is there
> ANYTHING I can do to stop my employer from sending this shit without
> protecting it?
>
> I am pushing for us to start using encryption, but in the meantime I
> want this to STOP right f’ing NOW.
>

Re: anything i can do?

“Shena Delian O’Brien” <shena@darklock.com> wrote in message
news:3E1DC732.4050508@darklock.com
> What is your position at the company? Can you actually do anything to
> the servers to force encryption of email?
>
> I don’t think there are any laws about email specifically, but there ARE
> confidentiality laws…
>
> -Deborah- wrote:
> > During my I.S. staff meeting yesterday, where we were discussing
> > guarding patient privacy/confidentiality (I work at a hospital)…my
> > supervisor asked if the new privacy laws covered employees. “Why do you
> > ask?” we ask her. She mentions that she sends an UNENCRYPTED file
> > containing hospital employee names, addresses, social security numbers,

This would fall under “The defendant knew or should have known that
unencrypted e-mail is not an acceptable medium for transferring highly
sensitive information” in the later court proceedings.

Advise your legal department of your concern over the situation. They have
substantially higher influence in this matter. Rest assured this will stop
right f’ing now after you do so. Better approach, advise your supervisor
that she should consult your legal department about this practice.

Leonid

Re: anything i can do?

Thanks for the comments. I called the HR director and he said there is
a section in HIPAA concerning the privacy of employee information…so
he was very concerned about what I told him. In the meantime I am
investigating implementing email encryption as well as digital
signatures throughout our organization.

-Deborah- wrote:

> During my I.S. staff meeting yesterday, where we were discussing
> guarding patient privacy/confidentiality (I work at a hospital)…my
> supervisor asked if the new privacy laws covered employees. “Why do
> you ask?” we ask her. She mentions that she sends an UNENCRYPTED file
> containing hospital employee names, addresses, social security
> numbers, and earning info via email to an accounting firm every
> quarter. WTF!!! OMG I was so pissed to hear of this. Yet…I
> don’t think there are laws against this stupid place doing this. Are
> there? Is there ANYTHING I can do to stop my employer from sending
> this shit without protecting it?
>
> I am pushing for us to start using encryption, but in the meantime I
> want this to STOP right f’ing NOW.
>

Re: anything i can do?

Your hospital must be quite a bit behind in its HIPAA compliance due
diligence. I can’t imagine a hospital that doesn’t have all its internal
and external facing systems locked down tighter than the average US
mid-sized companies. HIPAA from what I’ve read is very far reaching in its
requirements for digital IDs, encryption, confidentiality, and patient
notifications.

Gary Stein

“-Deborah-” <invalid@work.com> wrote in message
news:3E1EEB3B.20207@work.com
> Thanks for the comments. I called the HR director and he said there is
> a section in HIPAA concerning the privacy of employee information…so
> he was very concerned about what I told him. In the meantime I am
> investigating implementing email encryption as well as digital
> signatures throughout our organization.
>
> -Deborah- wrote:
>
> > During my I.S. staff meeting yesterday, where we were discussing
> > guarding patient privacy/confidentiality (I work at a hospital)…my
> > supervisor asked if the new privacy laws covered employees. “Why do
> > you ask?” we ask her. She mentions that she sends an UNENCRYPTED file
> > containing hospital employee names, addresses, social security
> > numbers, and earning info via email to an accounting firm every
> > quarter. WTF!!! OMG I was so pissed to hear of this. Yet…I
> > don’t think there are laws against this stupid place doing this. Are
> > there? Is there ANYTHING I can do to stop my employer from sending
> > this shit without protecting it?
> >
> > I am pushing for us to start using encryption, but in the meantime I
> > want this to STOP right f’ing NOW.
> >
>