Texas Does Poor Job of Securing Patient Info

_Sharp'r_ writes "This new security audit from Texas is an example of why the solution to medical privacy isn't to store it all in a big government database. The report describes a myriad of problems with state health and welfare agency's information security. Some of the problems cited include lack of firewalls, wide open wireless access points and all the other "usual suspects" that we've come to expect from a government security solution. The network is especially vulnerable to internal misuse, according to the report. For example, 'poor access controls' allowed a Department of Health customer service employee to create 74 fraudulent birth certificates. The report found that many of the agencies' nearly 50,000 workers have access to "tremendous amounts of decentralized, confidential data." You can also access an html formatted version of the full report."

The Problem Isn't Governments Having Information

[MBCook]

The problem isn't that the government is collecting information, it's that the government is using something that it often doesn't know anything about: computers. There is nothing wrong with the government having a large medical database for example, if it's properly secured. That is why the governement should, IMHO, have private companies compete for contracts to do the actual IT work. This would insure that we had power over sloppy work. If it's the government that's doing things, we just compain and try to get new people into the position. But with a private company, we can always say "Well if you make another mistake and don't fix that one fast, we can have XYZ Corp doing things by Monday." Obviously, such a large contract would be important to a company.

Please note that this post has nothing to do with privacy in it's self, I'm just talking about how we should have someone else do the "grunt work", in this case security and maintence, than Uncle Sam.

Great. More taxes...

[Dunkirk]

I mean, that's the point of the study, right? No, I haven't read it. But that's the point of EVERY government study: to justify more taxes.

Similar story just hit the UK

[DrSkwid]

NHS patient privacy? What patient privacy!
By John Leyden
Posted: 11/02/2003 at 12:50 GMT

Up to 200,000 requests are made by investigators under false pretences to obtain health information on British patients each year. And most attempts succeed, according to the Foundation for Information Policy Research (FIPR).

But you can trust the government! Really you can..

[ShatteredDream]

Afterall the government never sells your information to corporations (think most DMVs). It never collects whatever data it can just in case it never needs it (Carnivore, USA PATRIOT Act dragnetting). It never undermines your ability to defend yourself against violent and deranged fucks (gun control, school zero tolerance policies). It never limits your free speech rights or your access to information (DeCSS cases, CDA, DMCA and again the PATRIOT Act). Its punishments never go over the top for those that commit non-egregious offenses (40 years for posession of a kilo of cocaine, $250K in fines for copying 10 DVDs). And of course our elected officials make great role models for kids (damn, I'd now be having to find exceptions, not examples).

In short, too many people trust their government. It's easy to believe that "we're the government." But we aren't. Who in their right mind believes 90% of what is on the federal and state law books would be there if we had a republic where representatives were chosen like jurors, not by popular vote? Our corrupt political class loves to say "it's in the public interest." You see, we don't see their "bigger picture" that includes the so-called benefits of having the government possess the full medical records of its citizens. Afterall it takes only one bill or amendment to one that gives insurance corporations full access to this. It's one thing to let them demand you give it to them to get insurance, it's another to force the people at gun point, which is how all laws are ultimately enforced, to give their information to the government who then can sell it to raise some more money needed to hide part of the proof of its fiscal irresponsibility.

So again sheeple, repeat after me. "We're the government. This happens because we want it to. Democracy works and the people are in charge. You can trust your government. Bahh baahhhh baaahhhh"

'The Real Story'?

[gmhowell]

The real story has nothing to do with government databases. The story has to do with the fact that almost anyone, at any time, can get access to your medical data. Want to know how? Slip someone on the cleaning crew a Franklin. The original paper chart will be yours in minutes.

All the bullshit surrounding HIPAA and other requirements merely increase the paperwork required for medical professionals to do their job. If your wife wants to know if you've got VD, a simple subpoena will suffice. Since your insurance company is paying for your claims, they've got both a diagnosis and a treatment plan. Sure, you can have your privacy, but that means you're going to pay as you go.

Who the hell are you keeping your medical records private from? If you are a drunk and/or drug abuser, your coworkers, friends, and family already have a pretty good idea. If you have AIDS, anyone who you fuck should be told anyway.

What's the big idea if someone knows your A1C? Knowing these results isn't a problem, acting on them in a discriminatory matter is a problem. But for that, there are already guidelines in place, with legal precedence set.

There's another trick, at least in the US: medical pay is for shit. Doctors do okay, everyone else does lousy. The money is much better in porn sites. The money available to pay admins won't get you a competent person (except for me. I'm a cheap lay.) Where is all the money going? Lame ass stuff. Procedures to extend the life of a terminal cancer patient for an extra two months. Put more money into preventative care. Oh, wait, that was tried with HMO's. But every little pissant got annoyed because they couldn't see their holy shaman....errr specialist. Public programs (medicare and medicaid) pay reasonable amounts for 'emergency' care, but next to nothing for preventative maintenance.

Smoking is one of the deadliest scourges to face society, yet no insurance company covers nicotine replacement therapy, support groups, etc.

Re:'The Real Story'?

[Amazing+Quantum+Man]

If you have AIDS, anyone who you fuck should be told anyway.


But I don't fuck my employer. Why should my employer know that I have cancer/am diabetic/am HIV positive/have [INSERT MEDICAL CONDITION HERE]?

Re:'The Real Story'?

[gmhowell]

They shouldn't know, but what does it hurt if they do know? It's not legal for them to discriminate for non job related things. If they do, you go after them that way.

BTW, wanna know a real nightmare? Trying to be a medical employer. Each employee has no fewer than three charts, with only certain data available for certain people. All are under separate lock and key.

Which winds up all being for naught, as most of the employees are more than willing to spill almost any details relative to their own illnesses.

Re:The Problem Isn't Governments Having Informatio

[Nos.]

Then lets look at why the government IT workers don't know/care about these issues.
(From personal experience in the Canadian Gov't)

• Incompetence is promoted. If you're a yes-man/woman and never disagree with anything the boss says, you'll go far!
• Job Stability - There's no fear of being fired if you leave something horribly insecure or only do a half-ass job.
• Benefits are good, but salaries aren't. Those that are truly skilled are finding better paying and more satisfying jobs in the private sector (and why I'm on a year leave while I work in the private sector for a while)

This is not to say this is the case for all IT workers/management everywhere. There are some very talented and motivated people working for the government, however, its been my experience that the best solution isn't always picked by those who make the decisions.