Posts Tagged ‘HIPAA’

Revisiting Online Medical Information Storage Houses Points To Consistent Need For *1* Federal Privacy Law

Thursday, April 17th, 2008

Last fall I blogged about Microsoft’s HealthVault, “Why Would You Trust Microsoft To Store Your Sensitive Health Information?”
It didn’t take long before Google got in on the game.
Today an interesting story ran in the New York Times, “Warning on Storage of Health Records,” that also points out the concerns with having huge amounts of health information stored in some mega-multi-services-products type of monolith company. The issues are the same for any organization storing such information, though; but putting health information in the same corporate systems that contain the records of billions of people really opens up quite a Pandora’s box of privacy breach possibilities.
Here are some excerpts from the news story that make some good points…

(more…)

One Word Makes A World Of Difference…To Auditors and To Practitioners

Monday, April 7th, 2008

I want to continue the discussion I started yesterday.
Is there a difference between “log management” and a “log management system”?

(more…)

Misquotes and Misinformation on PCI DSS Log Management

Sunday, April 6th, 2008

I always invite feedback and comments about my articles and books. I like to know what people have found useful as well as hear how I can improve upon my writing and see if there is any more information I could have added or expanded upon.
So, I was interested to see that Dr. Anton Chuvakin read one of my recent PCI DSS logging compliance papers and posted to his blog about it.
However, he made a significant misquote and provided misinformation, which provide good topics for discussion…

(more…)

Risks & Compliance: Giving Personnel Access to Their Own, And Coworkers’, Records is Generally a Bad Idea

Wednesday, April 2nd, 2008

I get several questions from folks about various information security, privacy and compliance issues. I answer all I can. Most of them are great, thought-provoking questions that help to spawn a nice discussion!
I recently got a very good and interesting question from a healthcare provider that all organizations really need to put some thought into. With this in mind, the following is the de-identified message I received, along with my slightly edited reply…

(more…)

HIPAA *HAS* Impacted Healthcare Providers…Despite Lack Of Enforcement

Monday, March 17th, 2008

I have written many times about how the U.S. Department of Health and Human Services (HHS) has severely weakened the planned privacy and security goals of the Health Insurance Portability and Accountability Act (HIPAA) to require healthcare covered entities (CEs) to implement strong safeguards for the protected health information (PHI) with which they’ve been entrusted. And I still believe that.
However, after reading another report today I realized something…

(more…)

3rd HIPAA Criminal Indictment; Another Insider Job

Sunday, March 2nd, 2008

On February 15, Leslie A. Howell, from Oklahoma City, OK, was indicted for violating the Health Insurance Portability and Accountability Act (HIPAA) of 1996 as part of an identity theft scheme.

(more…)

Will Bad News Come in 3’s For Health Net?

Saturday, March 1st, 2008

In the past several days Health Net made the news…in ways they would rather not have…
First this on 2/22:

(more…)

New HIPAA Security Information on the CMS website

Tuesday, February 26th, 2008

I just got a notice from the U.S. Department of Health and Human Services (HHS)…
New HIPAA Security Information on the CMS website

(more…)

Blog Info OK’d To Use To Make Medical Insurance Coverage Decision

Monday, February 11th, 2008

Hopefully most people know by now that whatever you post on the Internet is not private, and that basically anyone can read it. Hopefully most people know by now that it is a growing trend for employers to use information they find on the Internet in their hiring and firing decisions.
Well, it appears the information found on the Internet can now be used by insurers to make decisions about to whom they will and will not provide insurance.

(more…)

A Stolen Health Insurer’s Laptop With PII Is Not Necessarily A HIPAA Violation

Wednesday, January 30th, 2008

While scanning the news blurb summaries today, the statement, “This is a violation of HIPAA.” caught my eye. Hmm…let’s see what this is about…
This statement was actually within the reader comments to the story, “Blue Cross reports theft of computer.”

(more…)