Are medical records private?
1 point by specialist on Aug 22, 2013 | 1 comment
Somewhat rhetorical: Is the NSA or other government agency also slurping up our medical records?

I'm now out of the loop. This is a question I'm hoping someone is asking.

Back when I implemented health information exchanges, we often had live data feeds to the CDC. Which is a great idea. True, patient data is de-identified. But that's meaningless if you have enough data to mine.

Data feeds between participants were typically SCP or VPN. But I have no idea how much protection that offers. Having worked with hospitals, I suspect the end points are the weak links.

Sitting here listening to a presentation on the Affordable Care Act and all the reforms, including the new patient protections, I'm reminded to wonder what level of surveillance is being done.



In my research for my master's degree we found that the security of EHR systems was terrible (systems had XSS, SQL injection... pretty much the SANS top 25 most dangerous errors). In talking with a very large vendor (about 2 years ago now) we found that they were just starting to think about security issues, but were years behind best practices. (For more info http://andrew-austin.com/publications).

With the push towards health information exchanges and interoperability, I imagine systems are indeed wide open, not just to government agencies, but also random people walking through your hospital.



