Re: [SLUG] OT: Any Sarasota/Bradenton doctors who are online?

From: Chad Perrin (perrin@apotheon.com)
Date: Mon Aug 30 2004 - 02:05:34 EDT


Max F Lang wrote:

> On Sunday 29 August 2004 23:31, Pete Theisen wrote:
>
>>>Is this allowable under HIPAA etc?
>>
>>Theoretically if the security was rock solid . . .
>
>
> Theoretically, maybe. But in real life, unless there were a clear
> agreement between physician and patient, I doubt it. I'm in and out
> of doctors' offices during the week, and almost all of them are
> very hesitant about releasing information this way. The information
> is between the doctor and the patient, and how would the doctor be
> sure who is on the other end of the cable? He's responsible if it
> gets into the wrong hands...
>
> On the other hand, I'm surprised at the number of offices that have
> in general very poor network security. I have telnet'ed into offices
> where the root password was null, or the Windows admin account was
> auto-login'ed on the db server. Or the office wireless points were
> wide open, and anyone with a laptop could walk by and be on the
> network. I was at a medical office building just last week where I
> walked along the hallways, picking up at least one open wi-fi
> network per corridor. It would have been a minor exercise to have
> pulled confidential patient record databases from most of them, and
> since many of these database formats are well known, well...
>
> You can imagine.

Actually, you've made the salient point there: Security has nothing to do with
it. If the agreement exists, on paper and verifiable, then it can be done.
Elsewise, it can't. Of course, the doctor would have to be convinced to even
offer the service which, as you pointed out, might be difficult considering
issues of liability.

Sadly, I'm not at all surprised about the state of network security in doctors'
offices. I've worked with doctors as clients that are obstinately opposed to
making certain changes for security reasons, simply because they're "too
complicated", or something equivalent. No, I won't name any names.

-- 
Chad Perrin (apotheon .com .net .org)
http://www.catb.org/~esr/jargon/html/S/sig-block.html
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS).  Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.