|Software Security |
We are highly hardware secure, but what about the dictation files or e-mail in transit? What encryption scheme should you use? Although we are not governed by health care legislation in the United States, we abide by the security principles laid down in the November 24, 1998 HCFA Internet Security Policy (for more information visit http://www.hcfa.gov/security/isecplcy.htm). We strongly suggest to our customers to encrypt their e-mail, authenticate, and not to indicate in any way individually identifiable data in the body of the unencrypted mail message.
Several encryption schemes are available in the market. Two of the most powerful are SSL - Secure Sockets Layer (sometimes referred to as Transport Layer Security - TLS) level Version 3.0 (or better) implementation using Netscape Messenger Version 6.0 or better (for more detailed information visit http://home.netscape.com/security) and PGP - Pretty Good Privacy Version 7.0.3 (or better) implementation (for more information visit http://www.pgpi.org).
We prefer PGP's full 128-bit key encryption technology implementation. Unlike PGP, SSL international (so called "export version") encryption implementations using Netscape Messenger is only limited to 40-bit key encryption technology (the more powerful 128-bit key version is for exclusive use in the U.S.).
Important note:If you desire to use or are already using the internet for transmittal of HCFA Privacy Act-protected and/or other sensitive HCFA information, you must notify HCFA. An e-mail address is provided below to be used for this acknowledgment. An acknowledgment must include the following information:
1. Name of Organization
2. Address of Organization
3. Type/Nature of Information being transmitted
4. Name of Contact (e.g., CIO or accountable official)
5. Contact's telephone number and e-mail address
For submission of intent, send an e-mail to: firstname.lastname@example.org.