[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Confidentiality Policies in Dr's Off Site Office
On Wed, 8 May 1996, Dick Mills wrote:
> What bothers me about S.1360 is that it depends on 30,000 separate trustee
> facilities to each define for itself "adequate safeguards". Of course
> nearly all of the people designing, operating, and maintaining these systems
> will be security amateurs. This virtually guarantees tens of thousands of
> *undetected* breaches of confidentiality each year.
No one wants the law to establish specific security rules. They would be
out of date before the law took effect, and changes would take years to
pass. The law will be supplemented by regulations, and that will provide
some flexibility and lots more detail. None of this is perfect, but you
can't have perfect. I think that your analysis of the existing security
situation is right on point.
> I predict that within the next 20 years the USA will experience a colossal
> medical-records scandal, as the result of a single criminal act, resulting in
> the records of 100 million or more people being irretrievably broadcast to
> the whole world on the Internet.
We already have an ongoing scandal. Paper medical records are routinely
bought, sold, and stolen. It is just that no one has done an
investigation to bring up the details. There was a study in Canada in
1980 that documented an unbelieveable amount of trafficking in medical
records, and many of the culprits were American insurance and
investigative companies. Still, I wouldn't necessarily be surprised if
computers made some things much worse as you suggest.
Bob
+ + + + + + + + + + + + + + + + + + + + + + + + +
+ Robert Gellman rgellman@cais.com +
+ Privacy and Information Policy Consultant +
+ 431 Fifth Street S.E. +
+ Washington, DC 20003 +
+ 202-543-7923 (phone) 202-547-8287 (fax) +
+ + + + + + + + + + + + + + + + + + + + + + + + +