Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Ask Slashdot: HIPAA Privacy Compliance in the Snowden Age

Motard (1553251) writes | about a year ago

0

Motard (1553251) writes "For much of my career, I've worked in organizations subject to the Health Insurance Portability and Accountability Act. Among other things, HIPAA prescribes government-mandated regulations regarding the security surrounding Protected Health Information, or PHI.

In smaller companies, where I've been able to talk directly to the equivalent of a General Counsel, it has been interpreted as a requirement to employ reasonable measures to protect the information. In larger corporations — especially those that had found themselves entertaining representatives of The Office of The Inspector General — there are generally dedicated Risk Management or Security officers dedicated to eliminating risk — often without regard to practicality (since that isn't their charge).

So I ask this question: When it is demonstrated that a government contractor can flee to Hong Kong with classified secrets from the NSA (of all things), what chance does 'The Main Street Clinic' have of meeting the requisite data security requirements? At what point to we have to throw up our hands exclaiming "If the freaking NSA can't do it, how can we?""

cancel ×

0 comments

Sorry! There are no comments related to the filter you selected.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?