Comment Re:Seems reasonable (Score 2) 119
If the insurers get together and set up a minimum requirement for the middle, the costs would go down quickly. I'd say that at the minimum, records should only be accessible via the intranet, with all machines able to access the intranet being company-issued (BYOD is moronic). If internet access is allowed on the same machine, it should only be through a virtual machine.
For financial and medical institutions the cost of a scheme like this should be negligible. My sister works for a bank and at least they have finally started agreeing with me a little; to work at home they now all use company-issued laptops with smart-card-based VPN. She used to do it on her own laptop.