Employment form

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts
  • kathrynm
    Private First Class

    • Oct 2007
    • 5

    Employment form

    Hello Naval; I have done a new form, but cannot get it to work. Could you please review this form and tell what I have done incorrectly.
    www.southeasternservicegroup.com/employment.html
    Thank You
    Kathryn
  • Andy128
    Major General

    • Dec 2005
    • 2317

    #2
    Re: Employment form

    Check your form parameters. It appears that a majority of the fields, to include the submit botton, are outside the form.

    If you find that this is the case- I am afraid that you will have to start from scratch. Delete all fields and make sure to stretch the form parameters so that all your fields will fit inside the form. The start building the form again paying close attention to the form parameters. If in your building you find that you are comming close to the end of the form, stop and stretch it down and then continue to place fields on it.

    Sorry to be the bearer of bad news. I really do not belive that, at this point, you can simply stretch the form parameters to encompass all the fields as they have not been set to the form.

    The only way to ensure that it will work would be to start over.

    Andy

    I
    PHP- is a blast!

    Comment

    • Karen Mac
      General

      • Apr 2006
      • 8332

      #3
      Re: Employment form

      For this kind of form you need ssl as you are collecting private personal information relevant to a persons identity. You might do better to create this is a word document or a pdf document and have them download it and fax it in. You cannot have ssl and have this form post to email. email is NOT protected for the conveyence of this type of information. As a HEALTHCare Provider you are also in violation of the HEPA Acts with it unsecured. I wont even get into the state statutes for providing health services and background checks for Correctional Facilities and what their requirements for protecting privacy online are.

      Karen

      VodaHost

      Your Website People!
      1-302-283-3777 North America / International
      02036089024 / United Kingdom
      291916438 / Australia

      ------------------------

      Top 3 Best Sellers

      Web Hosting - Unlimited disk space & bandwidth.

      Reseller Hosting - Start your own web hosting business.

      Search Engine & Directory Submission - 300 directories + (Google,Yahoo,Bing)


      Comment

      • kathrynm
        Private First Class

        • Oct 2007
        • 5

        #4
        Re: Employment form

        thanks all for the information. I will check the barriers with the form and re-do it. Karen, we are not a healthcare provider such as Blue Cross or any other provider like that. What we do is provide nurses and doctors to the Correctional industry. We have a process of hiring and do all background checks etc... in compliance with state and federal laws.
        I hope we have cleared this up, but if you still think we are in violation of any laws, just let me know and we will do the research.
        Thanks, Kathrynm

        Comment

        • Andy128
          Major General

          • Dec 2005
          • 2317

          #5
          Re: Employment form

          Karen was just giving food for thought in that many correctional facilities have strict privacy policies with regard to their employees and inmates. You are collecting information pre-employment and not with regard to any health info of inmates or employees and as such would not violate HIPA.

          I do agree with Karen though. If I am filling out a form that has such personal info as my drivers license etc.... I will not do so unless it is a secure connection- encrypted. I think Karen's suggestion of providing a word doc or pdf that the user could fill out and then fax might get you more participation. A ssl certificate for your site runs about $100/year.

          Cheers-
          Andy
          PHP- is a blast!

          Comment

          • navaldesign
            General & Forum Moderator

            • Oct 2005
            • 12080

            #6
            Re: Employment form

            Hehe... Good Idea, for the next version of ABVFP... Encryption using the Public key method, so that emails content is encrypted.

            Thank you ladies and gentlemen!!!
            Navaldesign
            Logger Lite: Low Cost, Customizable, multifeatured Login script
            Instant Download Cart: a Powerfull, Customized, in site, DB driven, e-products Cart
            DBTechnosystems.com Forms, Databases, Shopping Carts, Instant Download Carts, Loggin Systems and more....
            Advanced BlueVoda Form Processor : No coding form processor! Just install and use! Now with built in CAPTCHA!

            Comment

            • Andy128
              Major General

              • Dec 2005
              • 2317

              #7
              Re: Employment form

              Naval- always thinking. Hello my friend. Keep up the good work.

              Andy
              PHP- is a blast!

              Comment

              • Karen Mac
                General

                • Apr 2006
                • 8332

                #8
                Re: Employment form

                Yes, youre correct that you personally arent the health care provider, but you provide the services, therefore, HIPA applies or (HEPA) whichever it is, as you are providing third party information and its you that has the contract with the actual practitioner and the state who houses the PATIENT. So not only can you not divulge patient info, you cant provide provider info either and leave it open to the internet. Thats what i was pointing out. ICANN i believe also covers internet law and specifics about the kind of information you can gather UNPROTECTED without encryption and that would include your online application. If you collect it without encryption and some gang members family had access to your info and got a fix on a nurse and or doctor who may or may not have access to their interest, theyd have a good place to start finding out WHO Does work there and all their personal info and using it. Not to mention the identity thieves, youve given them background history, employment dates drivers license numbers and the whole 9 yards, residence and its just one jump to family members as well.

                I was simply giving you food for thought while collecting the info. You cant collect it even with an ssl unless it goes to a database or file on the server and then you run a script to generate the report.

                Even if Naval develops a public encryption for email, I WOULDNT USE it to divulge personal info unless it was an INHOUSE server never reaching the internet.

                Thus the suggestion to pdf or word doc it and have it faxed in.

                Karen

                VodaHost

                Your Website People!
                1-302-283-3777 North America / International
                02036089024 / United Kingdom
                291916438 / Australia

                ------------------------

                Top 3 Best Sellers

                Web Hosting - Unlimited disk space & bandwidth.

                Reseller Hosting - Start your own web hosting business.

                Search Engine & Directory Submission - 300 directories + (Google,Yahoo,Bing)


                Comment

                • Andy128
                  Major General

                  • Dec 2005
                  • 2317

                  #9
                  Re: Employment form

                  Karen-
                  Respectfully- I disagree. And actually it is HIPAA (Health Insurance Portability and Accountability Act of 1996). I specifically deals with "patient" information. This does not apply to pre-employment information and credentials for same. Infact, the privacy rule specifically relates to "individually identifiable health information".

                  Don't get me wrong- you and I are in agreement as to the method she is using is un-secure. And, the prisons she deals with may take issue with the un-secure gathering if info. But HIPAA does not apply here.

                  Also, I must ask. You stated that you cannot gather such personal info via a form and transmit to email but ONLY to a database. That statement implies that there is some law or rule that regulates information gathering. Is there such a rule or law, because I am unaware of any?

                  Also- encryption is encryption be it sent to a database or an email.

                  Andy
                  PHP- is a blast!

                  Comment

                  • Karen Mac
                    General

                    • Apr 2006
                    • 8332

                    #10
                    Re: Employment form

                    Yes Check ICANN for internet law, and email is not safe encrypted or not, I dont have time now to find it. I said it has to be a database or a file on the server in some format. Email servers are not secure because they are public and even encrypted, dont run a dedicated ip, so the encryption keys are much less.

                    Theres a law newer than the 1996 one, that deals with all health care related information, not just patient, but under what circumstances and who may or may not treat patients or have access to patients information. Not encrypting employment files, might jeapordize who provides services when, times of their employment and makes public record of who worked where when and might have access or knowledge of these patient records.

                    You can collect information per se, but collecting unencrypted is what gets you into trouble, and ALL websites should have a privacy policy even for delivering cookies and collecting ip addresses under ICANN. So collecting personal identifying information without encryption yes, is illegal, and if your email or database is hacked, and you didnt do everything you could to protect it, you are liable legally, and civally for tort, damages etc.

                    Karen

                    VodaHost

                    Your Website People!
                    1-302-283-3777 North America / International
                    02036089024 / United Kingdom
                    291916438 / Australia

                    ------------------------

                    Top 3 Best Sellers

                    Web Hosting - Unlimited disk space & bandwidth.

                    Reseller Hosting - Start your own web hosting business.

                    Search Engine & Directory Submission - 300 directories + (Google,Yahoo,Bing)


                    Comment

                    • Karen Mac
                      General

                      • Apr 2006
                      • 8332

                      #11
                      Re: Employment form

                      Heres the updated SECURITY section of HIPPA as found on wikipedia


                      The Security Rule
                      The Final Rule on Security Standards was issued on February 20, 2003. It took effect on April 21, 2003 with a compliance date of April 21, 2005 for most covered entities and April 21, 2006 for “small plans.” The Security Rule complements the Privacy Rule. While the Privacy Rule pertains to all Protected Heath Information (PHI) including paper and electronic, the Security Rule deals specifically with Electronic Protected Health Information (EPHI). It lays out three types of security safeguards required for compliance: administrative, physical, and technical. For each of these types, the Rule identifies various security standards, and for each standard, it names both required and addressable implementation specifications. Required specifications must be adopted and administered as dictated by the Rule. Addressable specifications are more flexible. Individual covered entities can evaluate their own situation and determine the best way to implement addressable specifications. The standards and specifications are as follows:
                      • Administrative Safeguards - policies and procedures designed to clearly show how the entity will comply with the act
                        • Covered entities (entities that must comply with HIPAA requirements) must adopt a written set of privacy procedures and designate a privacy officer to be responsible for developing and implementing all required policies and procedures.
                        • The policies and procedures must reference management oversight and organizational buy-in to compliance with the documented security controls.
                        • Procedures should clearly identify employees or classes of employees who will have access to electronic protected health information (EPHI). Access to EPHI must be restricted to only those employees who have a need for it to complete their job function.
                        • The procedures must address access authorization, establishment, modification, and termination.
                        • Entities must show that an appropriate ongoing training program regarding the handling of PHI is provided to employees performing health plan administrative functions.
                        • Covered entities that out-source some of their business processes to a third party must ensure that their vendors also have a framework in place to comply with HIPAA requirements. Companies typically gain this assurance through clauses in the contracts stating that the vendor will meet the same data protection requirements that apply to the covered entity. Care must be taken to determine if the vendor further out-sources any data handling functions to other vendors and monitor whether appropriate contracts and controls are in place.
                        • A contingency plan should be in place for responding to emergencies. Covered entities are responsible for backing up their data and having disaster recovery procedures in place. The plan should document data priority and failure analysis, testing activities, and change control procedures.
                        • Internal audits play a key role in HIPAA compliance by reviewing operations with the goal of identifying potential security violations. Policies and procedures should specifically document the scope, frequency, and procedures of audits. Audits should be both routine and event-based.
                        • Procedures should document instructions for addressing and responding to security breaches that are identified either during the audit or the normal course of operations.
                      • Physical Safeguards - controlling physical access to protect against inappropriate access to protected data
                        • Controls must govern the introduction and removal of hardware and software from the network. (When equipment is retired it must be disposed of properly to ensure that PHI is not compromised.)
                        • Access to equipment containing health information should be carefully controlled and monitored.
                        • Access to hardware and software must be limited to properly authorized individuals.
                        • Required access controls consist of facility security plans, maintenance records, and visitor sign-in and escorts.
                        • Policies are required to address proper workstation use. Workstations should be removed from high traffic areas and monitor screens should not be in direct view of the public.
                        • If the covered entities utilize contractors or agents, they too must be fully trained on their physical access responsibilities.

                      VodaHost

                      Your Website People!
                      1-302-283-3777 North America / International
                      02036089024 / United Kingdom
                      291916438 / Australia

                      ------------------------

                      Top 3 Best Sellers

                      Web Hosting - Unlimited disk space & bandwidth.

                      Reseller Hosting - Start your own web hosting business.

                      Search Engine & Directory Submission - 300 directories + (Google,Yahoo,Bing)


                      Comment

                      • Karen Mac
                        General

                        • Apr 2006
                        • 8332

                        #12
                        Re: Employment form

                        Heres wikipedia on personal identifying information and a list of the laws and resources:



                        Karen

                        VodaHost

                        Your Website People!
                        1-302-283-3777 North America / International
                        02036089024 / United Kingdom
                        291916438 / Australia

                        ------------------------

                        Top 3 Best Sellers

                        Web Hosting - Unlimited disk space & bandwidth.

                        Reseller Hosting - Start your own web hosting business.

                        Search Engine & Directory Submission - 300 directories + (Google,Yahoo,Bing)


                        Comment

                        • navaldesign
                          General & Forum Moderator

                          • Oct 2005
                          • 12080

                          #13
                          Re: Employment form

                          Originally posted by Karen Mac View Post
                          Even if Naval develops a public encryption for email, I WOULDNT USE it to divulge personal info unless it was an INHOUSE server never reaching the internet.
                          Karen
                          ???

                          Encryption through a Public Key is 100% safe. It uses the same 128 bit encryption that ssl uses. The key is only known to the the form owner, so the content can NOT be decrypted by anyone else. Once the mail arrives to the desktop, he can decrypt and read it.

                          The alternative, as i have always suggested, would be to simply store the info in a database, and view this info through a ssl connection.
                          Navaldesign
                          Logger Lite: Low Cost, Customizable, multifeatured Login script
                          Instant Download Cart: a Powerfull, Customized, in site, DB driven, e-products Cart
                          DBTechnosystems.com Forms, Databases, Shopping Carts, Instant Download Carts, Loggin Systems and more....
                          Advanced BlueVoda Form Processor : No coding form processor! Just install and use! Now with built in CAPTCHA!

                          Comment

                          • Karen Mac
                            General

                            • Apr 2006
                            • 8332

                            #14
                            Re: Employment form

                            LOL.. are you going to EMAIL them the codes? You can harvest emails off a server for 7 years forensically, and how many people who are employed will be handling this key? And how many places will it be written down, or how many computers accessing the internet will have it stored on them and then be hacked by some download or email virus. You can TELL me all day long that encrypted email is 100% safe and im STILL not buying into it. Ive seen too many college and school servers hacked and supposedly inhouse secure and should have been secure but the wrong email was downloaded or the codes were left out a disgruntled student or employee gave out their access codes etc etc.

                            Yes servers get hacked, stores get hacked, but email gets harvested alot more often, encrypted or not. Ive even watched hackers access a persons COMPUTER thru the internet after they gave them an infected file. Granted encrypted email makes it tougher, but it wouldnt be my choice of security, or my choice of protection given that id be liable for some pretty pertinent info.

                            Karen

                            VodaHost

                            Your Website People!
                            1-302-283-3777 North America / International
                            02036089024 / United Kingdom
                            291916438 / Australia

                            ------------------------

                            Top 3 Best Sellers

                            Web Hosting - Unlimited disk space & bandwidth.

                            Reseller Hosting - Start your own web hosting business.

                            Search Engine & Directory Submission - 300 directories + (Google,Yahoo,Bing)


                            Comment

                            • navaldesign
                              General & Forum Moderator

                              • Oct 2005
                              • 12080

                              #15
                              Re: Employment form

                              I believe that we are confusing issues.

                              Issue nr 1: can an email be encrypted so that it can travel through a normal Internet connection ? Answer: yes. No one will ever be able to decrypt the mail unless he has the key.

                              Issue nr 2: Can a key be stolen ? answer : Yes, as everything else. But this is not different from theft of the database or CP password / username. So, from this point of view, the security level of an encrypted email is the same as the ssl connection and whatever other security measures one can take.

                              It is up to the company to establish those internal procedures / methods to protect the data once they have been transfered.

                              I am NOT dealing here with the legal aspect, i only deal with the technical one. From this point of view, the security level between viewing the email content as stored in a database, through a ssl connection, and recieving an encrypted email, is the same.

                              To add more, a public key encrypted email can also be encrypted with a 256 or even 1024 bit key, making far more safer than a ssl connection-
                              Navaldesign
                              Logger Lite: Low Cost, Customizable, multifeatured Login script
                              Instant Download Cart: a Powerfull, Customized, in site, DB driven, e-products Cart
                              DBTechnosystems.com Forms, Databases, Shopping Carts, Instant Download Carts, Loggin Systems and more....
                              Advanced BlueVoda Form Processor : No coding form processor! Just install and use! Now with built in CAPTCHA!

                              Comment

                              Working...
                              X