[arin-ppml] Clarify /29 assignment identification requirement

William Herrin bill at herrin.us
Fri May 4 11:36:45 EDT 2012


On 5/4/12, John Curran <jcurran at arin.net> wrote:
> On May 4, 2012, at 10:24 AM, William Herrin wrote:
>> But let me turn the question around: ARIN staff have been doing this
>> for quite a while. How would staff handle the hospital as ISP scenario
>> I posited? HIIPA says you don't get to look at the user data. It's the
>> law. So what would data would staff seek for their audit instead?
>
>
> Your hypothetical lacks sufficient detail to answer with certainty.  It's
> likely we would request customer reassignment data to verify utilization.
> I am confident that sufficient information could be provided to ARIN under
> NDA as needed which would not violate HIPPA's "protected health
> information"
> requirements, just as we have been able to work with parties with PII,
> CPNI,
> and related issues.

Hi John,

HIPAA restricts the use of 18 categories of information about a health
care customer including:

Names
All geographical identifiers smaller than a state
Phone numbers
Email addresses

By law, a U.S. hospital may only provide you with "de-identified data"
about their customers. Even under NDA.

But don't take my word for it, check with ARIN counsel.

Regards,
Bill


-- 
William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004



More information about the ARIN-PPML mailing list