Re: Employment form

Check your form parameters. It appears that a majority of the fields, to include the submit botton, are outside the form.

If you find that this is the case- I am afraid that you will have to start from scratch. Delete all fields and make sure to stretch the form parameters so that all your fields will fit inside the form. The start building the form again paying close attention to the form parameters. If in your building you find that you are comming close to the end of the form, stop and stretch it down and then continue to place fields on it.

Sorry to be the bearer of bad news. I really do not belive that, at this point, you can simply stretch the form parameters to encompass all the fields as they have not been set to the form.

The only way to ensure that it will work would be to start over.

Andy

I

Re: Employment form

For this kind of form you need ssl as you are collecting private personal information relevant to a persons identity. You might do better to create this is a word document or a pdf document and have them download it and fax it in. You cannot have ssl and have this form post to email. email is NOT protected for the conveyence of this type of information. As a HEALTHCare Provider you are also in violation of the HEPA Acts with it unsecured. I wont even get into the state statutes for providing health services and background checks for Correctional Facilities and what their requirements for protecting privacy online are.

Karen

Re: Employment form

thanks all for the information. I will check the barriers with the form and re-do it. Karen, we are not a healthcare provider such as Blue Cross or any other provider like that. What we do is provide nurses and doctors to the Correctional industry. We have a process of hiring and do all background checks etc... in compliance with state and federal laws.
I hope we have cleared this up, but if you still think we are in violation of any laws, just let me know and we will do the research.
Thanks, Kathrynm

Re: Employment form

Karen was just giving food for thought in that many correctional facilities have strict privacy policies with regard to their employees and inmates. You are collecting information pre-employment and not with regard to any health info of inmates or employees and as such would not violate HIPA.

I do agree with Karen though. If I am filling out a form that has such personal info as my drivers license etc.... I will not do so unless it is a secure connection- encrypted. I think Karen's suggestion of providing a word doc or pdf that the user could fill out and then fax might get you more participation. A ssl certificate for your site runs about $100/year.

Cheers-
Andy

Re: Employment form

Hehe... Good Idea, for the next version of ABVFP... Encryption using the Public key method, so that emails content is encrypted.

Thank you ladies and gentlemen!!!

Re: Employment form

Naval- always thinking. Hello my friend. Keep up the good work.

Andy

Re: Employment form

Yes, youre correct that you personally arent the health care provider, but you provide the services, therefore, HIPA applies or (HEPA) whichever it is, as you are providing third party information and its you that has the contract with the actual practitioner and the state who houses the PATIENT. So not only can you not divulge patient info, you cant provide provider info either and leave it open to the internet. Thats what i was pointing out. ICANN i believe also covers internet law and specifics about the kind of information you can gather UNPROTECTED without encryption and that would include your online application. If you collect it without encryption and some gang members family had access to your info and got a fix on a nurse and or doctor who may or may not have access to their interest, theyd have a good place to start finding out WHO Does work there and all their personal info and using it. Not to mention the identity thieves, youve given them background history, employment dates drivers license numbers and the whole 9 yards, residence and its just one jump to family members as well.

I was simply giving you food for thought while collecting the info. You cant collect it even with an ssl unless it goes to a database or file on the server and then you run a script to generate the report.

Even if Naval develops a public encryption for email, I WOULDNT USE it to divulge personal info unless it was an INHOUSE server never reaching the internet.

Thus the suggestion to pdf or word doc it and have it faxed in.

Karen

Re: Employment form

Karen-
Respectfully- I disagree. And actually it is HIPAA (Health Insurance Portability and Accountability Act of 1996). I specifically deals with "patient" information. This does not apply to pre-employment information and credentials for same. Infact, the privacy rule specifically relates to "individually identifiable health information".

Don't get me wrong- you and I are in agreement as to the method she is using is un-secure. And, the prisons she deals with may take issue with the un-secure gathering if info. But HIPAA does not apply here.

Also, I must ask. You stated that you cannot gather such personal info via a form and transmit to email but ONLY to a database. That statement implies that there is some law or rule that regulates information gathering. Is there such a rule or law, because I am unaware of any?

Also- encryption is encryption be it sent to a database or an email.

Andy

Re: Employment form

Yes Check ICANN for internet law, and email is not safe encrypted or not, I dont have time now to find it. I said it has to be a database or a file on the server in some format. Email servers are not secure because they are public and even encrypted, dont run a dedicated ip, so the encryption keys are much less.

Theres a law newer than the 1996 one, that deals with all health care related information, not just patient, but under what circumstances and who may or may not treat patients or have access to patients information. Not encrypting employment files, might jeapordize who provides services when, times of their employment and makes public record of who worked where when and might have access or knowledge of these patient records.

You can collect information per se, but collecting unencrypted is what gets you into trouble, and ALL websites should have a privacy policy even for delivering cookies and collecting ip addresses under ICANN. So collecting personal identifying information without encryption yes, is illegal, and if your email or database is hacked, and you didnt do everything you could to protect it, you are liable legally, and civally for tort, damages etc.

Karen

Re: Employment form

Heres the updated SECURITY section of HIPPA as found on wikipedia

Re: Employment form

Heres wikipedia on personal identifying information and a list of the laws and resources:



Karen

Re: Employment form

???

Encryption through a Public Key is 100% safe. It uses the same 128 bit encryption that ssl uses. The key is only known to the the form owner, so the content can NOT be decrypted by anyone else. Once the mail arrives to the desktop, he can decrypt and read it.

The alternative, as i have always suggested, would be to simply store the info in a database, and view this info through a ssl connection.

Re: Employment form

LOL.. are you going to EMAIL them the codes? You can harvest emails off a server for 7 years forensically, and how many people who are employed will be handling this key? And how many places will it be written down, or how many computers accessing the internet will have it stored on them and then be hacked by some download or email virus. You can TELL me all day long that encrypted email is 100% safe and im STILL not buying into it. Ive seen too many college and school servers hacked and supposedly inhouse secure and should have been secure but the wrong email was downloaded or the codes were left out a disgruntled student or employee gave out their access codes etc etc.

Yes servers get hacked, stores get hacked, but email gets harvested alot more often, encrypted or not. Ive even watched hackers access a persons COMPUTER thru the internet after they gave them an infected file. Granted encrypted email makes it tougher, but it wouldnt be my choice of security, or my choice of protection given that id be liable for some pretty pertinent info.

Karen

Re: Employment form

I believe that we are confusing issues.

Issue nr 1: can an email be encrypted so that it can travel through a normal Internet connection ? Answer: yes. No one will ever be able to decrypt the mail unless he has the key.

Issue nr 2: Can a key be stolen ? answer : Yes, as everything else. But this is not different from theft of the database or CP password / username. So, from this point of view, the security level of an encrypted email is the same as the ssl connection and whatever other security measures one can take.

It is up to the company to establish those internal procedures / methods to protect the data once they have been transfered.

I am NOT dealing here with the legal aspect, i only deal with the technical one. From this point of view, the security level between viewing the email content as stored in a database, through a ssl connection, and recieving an encrypted email, is the same.

To add more, a public key encrypted email can also be encrypted with a 256 or even 1024 bit key, making far more safer than a ssl connection-