Tuesday, August 4, 2009

Security and Hacking, Real Fears

See the WSJ Article: New Epidemic Fears: Hackers

Securing health records in small doctors' offices and clinics is not easy: small offices can't afford Fort Knox-style data protection measures, like hiring security experts to make sure hackers aren’t getting into their systems. Even if electronic health records software includes encryption and other security features, that doesn't mean those features will be turned on and used.

• Now, many privacy advocates are concerned the administration's effort could end up making health information less secure. "If there isn't a concerted effort to acknowledge that the security risks are very real and very serious then we could end up doing it wrong," says Avi Rubin, technical director of the Information Security Institute at Johns Hopkins University.

• "As more information is shared, it is subjected to the weak-link effect."

• Mr. Osteen's efforts to safeguard information won't be useful if smaller providers he shares it with haven't made the same kind of security investments.

2 comments:

  1. Dear Patientprivacyrights:

    As a dentist, I read with interest your comment: “Security and Hacking, Real Fears”
    http://dpeelmd.blogspot.com/2009/08/security-and-hacking-real-fears.html

    “Securing health records in small doctor's offices and clinics is not easy: small offices can't afford Fort-Knox style data protection measures, like hiring security experts to make sure hackers aren’t getting into their systems. Even if electronic health records software includes encryption and other security features doesn't mean those features will be turned on and used.”

    I have reason to believe that in about a week, the liabilities of maintaining identifiers on computers are going to price computerization out of most dental offices within a year. The first major HITECH regulation is due from HHS on August 18.

    My question is this: If identifiers could be somehow removed from dental records, and stored on a separate memory device that is strictly controlled by only a few people, would thousands of dental patients require being notified of a breach if the key was not involved?

    I appreciate your response.

    D. Kellus Pruitt DDS

  2. Doc, what if you did not actually store PHI at all? What I mean is, what if the patient had a service that kept them, and with appropriate security, made them available to you as you needed to reference them, would that appeal to you?

    Bill.McCuistion@gmail.com
