NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Attrition Dataloss> 2009-10

[Dataloss] fringe: Medical Records: Stored in the Cloud, Sold on the Open Market

From: security curmudgeon (jerichoattrition.org)
Date: Tue Oct 20 2009 - 02:26:38 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---------- Forwarded message ----------
From: InfoSec News <alertsinfosecnews.org>

http://www.wired.com/threatlevel/2009/10/medicalrecords/

By Kim Zetter
Threat Level
Wired.com
October 19, 2009

When patients visit a physician or hospital, they know that anyone
involved in providing their health care can lawfully see their medical
records.

But unknown to patients, an increasing number of outside vendors that
manage electronic health records also have access to that data, and are
reselling the information as a commodity.

The revelation comes in a recent New York Times article about how
so-called "scrubbed" patient data isn't as anonymous as people think. The
piece focuses primarily on how anonymized data can be cross-bred with
other publicly available databases, such as voting records, which subverts
the anonymity. Buried near the end of the article is the news that medical
data is collected, anonymized and sold, not by insurance agencies and
health care providers, but by third-party vendors who provide
medical-record storage in the cloud.

Electronic health record (EHR) services have been a growing industry in
the last few years, according to Sue Reber, marketing director of the
Certification Commission for Health Information Technology. Reber says
most vendors used to simply sell software packages; once the product was
sold, the vendor had no connection to the data stored in it. But an
increasing number of companies have begun to offer web-based
software-management applications that include database storage controlled
and managed by the vendor.

[...]
_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]