September 13, 2011 at 6:33 am
The remarks about increased cost for somebody and the response about "based on groups" and genes excluding you from it ... made me wonder about "ethical hackers". (imagination) People who break into companies to delete data like "90% chance of cancer due to gene x". Or less ethical people who simply charge a fee for "updating" records.
Or even: employees updating company records for their friends and family. Once i met a person who got his speed ticket removed by a friend ...
I do recall a situation in the NL where someone did something wrong and got in the news. Suddenly several policemen looked up the information about that person. Fortunately the police did some monitoring and was able to see exactly who accessed the information. The persons who could not explain why they looked for that person in the database received a bad mark on there personal record. Being able to access something doesn't mean your allowed to look it up ...
September 13, 2011 at 6:48 am
Eduard (9/13/2011)
Being able to access something doesn't mean your allowed to look it up ...
That's very true. For example, I can get into trouble if I even look up my own PHI or that of my family members.
LinkedIn: https://www.linkedin.com/in/sqlrv
Website: https://www.sqlrv.com
September 13, 2011 at 6:51 am
Aaron N. Cutshall (9/12/2011)
I have noticed that people seem to be more concerned with their personal health information (PHI) than they are about their financial records. Seemingly some of the same people who have no problem submitting their credit card online or managing their bank accounts online also balk at sharing their health information from one health care provider to another.
I always compare it with this: you buy a washing machine. Do you want to know every detail on how the motor drives your wash around or do you simply want to press 3 buttons and make it work ?
People (users) dont want to bother with computer systems about security so they dont think about it. They dont want to be bothered with the risks of that credit card.
And why would they have a credit card if they cant use it due to security risks ?
However health suddenly triggers things. Like "i dont want my son to know this is happening to me" or "i dont want people in the neighborhood to know i have aids". It's much closer then "just a number on some piece of plastic".
September 13, 2011 at 6:55 am
Eduard (9/13/2011)
However health suddenly triggers things. Like "i dont want my son to know this is happening to me" or "i dont want people in the neighborhood to know i have aids". It's much closer then "just a number on some piece of plastic".
That's quite true. Money is impersonal, but health information is VERY personal hence the heightened security that we follow.
LinkedIn: https://www.linkedin.com/in/sqlrv
Website: https://www.sqlrv.com
September 13, 2011 at 7:44 am
I think there's a risk issue. Financial information has lots of liability stops. Report your CC stolen, limited to $50. Similar limits on some other accounts, plus insurance is available. There's a bit of distance here.
However if someone gets your medical info, it is very personal. They could disclose an issue that renders you unemployable, embarrassed, etc.
September 13, 2011 at 8:25 am
There are plenty of other places where bad data could cause problems. Many factories use computers to control processes, so bad data that caused a Bhopal like release of dangerous chemicals could kill or injure many people.
September 15, 2011 at 7:40 pm
Aaron N. Cutshall (9/12/2011)
djackson 22568 (9/12/2011)
One thing I forgot, soon your health records will be shared across the nation with anyone who wants access. It is called HIE's and HEN's. These groups will be requiring hospitals and doctors to share information on every patient. Your only recourse, to opt out.Yes that is right, we are going to take health records for every American and FORCE them to be shared with ANYONE who claims an interest! You can do nothing about it either, because they aren't providing a reliable way to opt out and guarantee it, and they aren't even worrying about security. It is all about how to share the date easily, security may come later, probably not.
Dave, I beg to disagree. As an HIE, while it is important to have APPROPRIATE access to APPROPRIATE medical records to provide the services that we do to improve the patient's healthcare, it is most certainly not shared with "ANYONE who claims an interest!"
Patients who do not participate cannot benefit.
It would seem you might be involved in developing an HIE. If that is true, I am happy you are. However I know of some people who are completely unconcerned with security and who are helping to design the requirements for one. My concerns were laughed at in a department meeting, until our director stood by me and explained how I was right to be concerned.
Also, what security will you use to determine someone is authorized? If I am laying on a bed having a heart attack when on vacation, I can't give authorization to the doctor I just met. If I give prior authorization for any medical staff to view it, how can you say everyone doesn't have access? If controlling access and violations of that control are not an issue, then why are so many people being sued for violating HIPAA?
Come now, you have to understand that you can't prevent unauthorized access by cheaters, much less hackers.
On the benefit part - how do I benefit from a future employer accessing my records and not hiring me because of my personal health history? How do I benefit from some insurance carrier not covering me? I see zero value for me, yet in Illinois the plan is to force everyone to opt out instead of opt in. Sorry, my body is my body, and the government is soooo breaching the constitution by setting these up the way they are being set up.
Do I see a benefit for some? Yes. Do I see a benefit for society? Yes - in fact we may stem a biological attack quicker if these are in place. Do I believe they will be 100% secure, or even 90% secure? As much as I believe I can walk on water. Glug glug, drowning...
Dave
September 15, 2011 at 7:47 pm
Aaron N. Cutshall (9/13/2011)
Eduard (9/13/2011)
Being able to access something doesn't mean your allowed to look it up ...That's very true. For example, I can get into trouble if I even look up my own PHI or that of my family members.
So can I. We have a product that monitors that. I can get around it in a second if I wish to.
Nothing is secure. Everything can be made secure to a point, but there is ALWAYS some way to get around security because we have limited resources. To play devil's advocate, if security were easy then why aren't modern devices like iPhones, Blackberry's and Android devices unhackable? They SHOULD be, because we know how to make things more secure, but we do such a horrible job that from what I understand someone recently used battery device drivers to hack Apple laptops. Default paswords. Is that any better than a blank SA account?
Dave
Viewing 8 posts - 16 through 22 (of 22 total)
You must be logged in to reply to this topic. Login to reply