Re: [SLUG] Security for Open Source Application

From: Pete Theisen (petetheisen@verizon.net)
Date: Tue Apr 28 2009 - 13:35:03 EDT


Ken Elliott wrote:

> Then you should enlist the services of a professional. If you expose HIPAA
> data, I believe your legal liability could be rather large. Once a lawyer
> learns that you used a "do-it-yourself" system, he will be all over you and
> make you look reckless.
>
> Ask your insurance provider about your coverage concerning this.

Hi Ken!

Good suggestion, thanks. Can't afford a pro, though, non-profit
organization and all that. Now if a pro should volunteer, that would
solve all the problems that a pro could solve.

My intention is to use the best practice I can implement with my own
effort, thus my posting the question. I myself am doing all that I do -
for free.

It appears that risk to an honest person is very minimal. In the first
four years that there has been a HIPAA there have been something like
366 complaints that have resulted in 4 prosecutions. This is out of
untold millions of records. When you consider those odds, any system,
DIY or professional, that uses compliant practices (outlined in the law)
will be all but immune to legal problems unless there is real criminal
intent.

Each prosecution was of an insider who stole the data for either cash
payoff, credit/identity fraud or a fraudulent billing scheme. An insider
can get into any system, pro or otherwise.

Insurance? Don't have any. The non-profit organization doesn't have any
insurance either, and is not likely to get any. We are in Florida,
though, and there is a Good Samaritan law protecting non-profits.

-- 
Regards,

Pete
http://pete-theisen.com/
http://elect-pete-theisen.com/
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.


