[GRLUG] Data on portable media
Justin Popa
tehpopa at gmail.com
Thu Nov 29 21:39:59 EST 2007
HIPAA is a big deal. The upside is that they aren't even using them out of
the office. They're just a toy. They can't leave the office with charts, nor
do they have external patient data access. They even download before they
leave due to the fact that if they don't, their letters won't be dictated
until they return it. It's just a control issue.
On Nov 29, 2007 1:51 PM, Douglas Rehfeldt <drehfeldtusa at gmail.com> wrote:
> The statement "but now we're replacing about 1 a month due to lost items"
> got me thinking. Mmm, I would guess that there are some HIPAA
> requirements
> related to this data. Encryption might not just be an option.
>
> An organization is charged with securing confidential information. It can
> be
> held negligent if it does not take "reasonable steps" to protect the
> information. Consider a jury trial involving a negligence lawsuit, would
> the jurors consider allowing thumb drives without encryption or a secured
> file system a reasonable action by an organization charged with securing
> their private information? I'm not a lawyer, but if I was a juror for a
> HIPAA-type organization on trial, it would be difficult to convince me
> that
> the organization wasn't negligent given the technology and security
> controls
> available today. Then again, I'm not a lawyer.
>
> _______________________________________________
> grlug mailing list
> grlug at grlug.org
> http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shinobu.grlug.org/pipermail/grlug/attachments/20071129/342d2a5b/attachment-0001.htm
More information about the grlug
mailing list