HIPAA is a big deal. The upside is that they aren't even using them out of the office. They're just a toy. They can't leave the office with charts, nor do they have external patient data access. They even download before they leave due to the fact that if they don't, their letters won't be dictated until they return it. It's just a control issue.
<br><br><p><DEFANGED_div class="gmail_quote">On Nov 29, 2007 1:51 PM, Douglas Rehfeldt <<a href="mailto:drehfeldtusa@gmail.com">drehfeldtusa@gmail.com</a>> wrote:<br><blockquote class="gmail_quote" DEFANGED_style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
The statement "but now we're replacing about 1 a month due to lost items"<br>got me thinking. Mmm, I would guess that there are some HIPAA requirements<br>related to this data. Encryption might not just be an option.
<br><br>An organization is charged with securing confidential information. It can be<br>held negligent if it does not take "reasonable steps" to protect the<br>information. Consider a jury trial involving a negligence lawsuit, would
<br>the jurors consider allowing thumb drives without encryption or a secured<br>file system a reasonable action by an organization charged with securing<br>their private information? I'm not a lawyer, but if I was a juror for a
<br>HIPAA-type organization on trial, it would be difficult to convince me that<br>the organization wasn't negligent given the technology and security controls<br>available today. Then again, I'm not a lawyer.<br>
<br>_______________________________________________<br>grlug mailing list<br><a href="mailto:grlug@grlug.org">grlug@grlug.org</a><br><a href="http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug" target="_blank">http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug
</a><br></blockquote></p><DEFANGED_div><br>