On Sunday 29 August 2004 23:31, Pete Theisen wrote:
> > Is this allowable under HIPAA etc?
> Theoretically if the security was rock solid . . .
Theoretically, maybe. But in real life, unless there were a clear
agreement between physician and patient, I doubt it. I'm in and out
of doctors' offices during the week, and almost all of them are
very hesitant about releasing information this way. The information
is between the doctor and the patient, and how would the doctor be
sure who is on the other end of the cable? He's responsible if it
gets into the wrong hands...
On the other hand, I'm surprised at the number of offices that have
in general very poor network security. I have telnet'ed into office
where the root password was null, or the Windows admin acccount was
auto-login'ed on the db server. Or the office wireless points were
wide open, and anyone with a laptop could walk by and be on the
network. I was at a medical office building just last week where I
walked along the hallways, picking up at least one open wi-fi
network per corridor. It would have been a minor exercise to have
pulled confidential patient record databases from most of them, and
since many of these database formats are well known, well...
You can imagine.
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 15:45:26 EDT