Ask Slashdot: HIPAA Privacy Compliance in the Snowden Age

Submitted by Motard
Motard (1553251) writes "For much of my career, I've worked in organizations subject to the Health Insurance Portability and Accountability Act. Among other things, HIPAA prescribes government-mandated regulations regarding the security surrounding Protected Health Information, or PHI.

In smaller companies, where I've been able to talk directly to the equivalent of a General Counsel, it has been interpreted as a requirement to employ reasonable measures to protect the information. In larger corporations — especially those that had found themselves entertaining representatives of The Office of The Inspector General — there are generally dedicated Risk Management or Security officers dedicated to eliminating risk — often without regard to practicality (since that isn't their charge).

So I ask this question: When it is demonstrated that a government contractor can flee to Hong Kong with classified secrets from the NSA (of all things), what chance does 'The Main Street Clinic' have of meeting the requisite data security requirements? At what point do we have to throw up our hands exclaiming "If the freaking NSA can't do it, how can we?""