Slashdot Mirror


Transcriber Threatens Release of Medical Records

talboito writes "David Lazarus of the San Francisco Chronicle reports on problems subcontracting sensitive data to outside firms. An unpaid Pakistani transcriber threatened to release medical records of patients at UCSF Medical Center on the internet. The article notes: 'U.S. laws maintain strict standards to protect patients' medical data. But those laws are virtually unenforceable overseas, where much of the labor-intensive transcribing of dictated medical notes to written form is being exported.' Most frightening, UCSF was unaware that its records were being sent overseas. The article traces their path backward through a chain of three different subcontractors."

5 of 377 comments

  1. Simply business by BWJones · · Score: 5, Insightful

    This is why certain aspects of business will always cause privacy problems such as this. The goal of many businesses is not to provide the best possible service or the best possible products. Rather it is simply to make money. This is why HMOs never made sense to me and why they were a con foisted upon the American public. They have not made the practice of medicine any cheaper, rather they have simply moved profits from the physicians, nurses and technicians and moved it to a new middle layer of management who makes decisions such as exporting transcription overseas to markets with no concern for privacy.

    --
    Visit Jonesblog and say hello.
  2. Real Issue by Rotten · · Score: 5, Insightful

    The problem is not overseas workers. The real issue here is sensitive information being processed by networks of subcontractors without the knowledge of the information owner.

  3. To put a positive spin on it. by Population · · Score: 5, Funny

    It only took a few hundred dollars to pay her off.

    Even extortion is cheaper when done overseas.

  4. Re:HIPAA? by radulovich · · Score: 5, Informative

    It already does. Subcontractors are covered under the "Business Associate" definition. The text of the law is located here in PDF format (http://www.hhs.gov/ocr/combinedregtext.pdf)

    The law specifically states that any work that a healthcare organization subcontracts out is to be held to the same standard. If the hospital did not ensure that, then they are liable for both civil and criminal damages.

    This is actually one of the great things about the law. If an organization tries to escape any clause by subcontracting out the work, they are still liable. In this case, it seems that they did not even have an agreement with the contractors, which would be even larger penalties.

    As a final note, the hospital is already liable, because the woman sent patient records to the hospital via email. Unless the email was encrypted and only opened by the doctors giving care to the patients in record, then the hospital is liable. I expect the government will begin an investigation shortly, and the hospital will be fined within a year.

    Mark Radulovich, CISSP, NSA/IAM

  5. It's not limited to software companies by christoofar · · Score: 5, Interesting

    I know of a particular BIG insurance company here in Texas that outsources a LOT of their core work overseas. This company happens to cater to members of the US armed forces and civil service employees. When people get deployed or move, they have to call this company to have all their addresses changed.

    To think... now India and Pakistan probably now have a good listing of where a lot of our US service members are located. It's glad that India and Pakistan are our "allies" or we'd really be in the shit now...