On Mon, 22 Sep 2003, Doug Royer wrote:
The HIPPA argument doesn't fly at all. However, Verisign is also subject
to the ECPA, and may not disclose the contents email, any more than any
other communications providers can. No confidentiality (HIPPA or
otherwise) is broken.
I'm not sure if you are ignorant of HIPPA, the ECPA, or just
fear-mongering. I guess all those people who used to say there were no
laws on the internet must now be thinking "well, there ought to be". Well,
they're in luck. It just happens there are laws already.
You reall do not have a clue about HIPPA regulations.
Actually, I have customers who are hospitals and health care providers and
pharmaceutical companies. I have a copy of the HIPPA regulations. I have
a clue about HIPPA regulations.
HIPPA covers _medical_ information. Email addresses are not medical
information. The email address in an email message is not a medical record
protected by HIPPA. Third, the email address is already being disclosed
to the ISP running the relay.
The relevant privacy law involving email is the ECPA, not HIPPA. Verisign
is prevented from disclosing the contents of any email, as is the ISP.
Quite obviously, Verisign is not improperly disclosing any information.
Contrary assertions are FUD.
--Dean