Accessing Medical Files Over P2P Networks

← Back to Stories (view on slashdot.org)

Accessing Medical Files Over P2P Networks

Posted by Soulskill on Saturday February 28, 2009 @02:18AM from the doctor-patient-entire-internet-confidentiality dept.

Gov IT writes with this excerpt from NextGov: "Just days after President Obama signed a law giving billions of dollars to develop electronic health records, a university technology professor submitted a paper showing that he was able to uncover tens of thousands of medical files containing names, addresses and Social Security numbers for patients seeking treatment for conditions ranging from AIDS to mental health problems. ... The basic technology that runs peer-to-peer networks inadvertently exposed the files probably without the computer user's knowledge, Johnson said. A health care worker might have loaded patient files onto a laptop, for example, and taken it home where a son or daughter could have downloaded a peer-to-peer client onto the laptop to share music."

137 comments

Min score:

Reason:

Sort:

P2P?! Oh no! by Manip · 2009-02-28 02:24 · Score: 4, Insightful

Sorry but what does one have to do with another?
Currently Doctors are using word documents with every patient's name as the title in some locations. While others are using VB apps with a Acess Database type solution.
Putting real money into a real electronic system with access controls and a audit trail is a GOOD thing and will stop things like records spreading onto P2P networks.
It is good for patients, it is good for doctors, and it is good for the general quality of healthcare.
I grant that it is expensive though. I also grant that governments are bad at large IT projects and always give it to the lowest bidder.
1. Re:P2P?! Oh no! by Anonymous Coward · 2009-02-28 02:57 · Score: 2, Interesting
  
  I also grant that governments... always give it to the lowest bidder.
  This is a problem within a lie. Governments outsource to whomever civil servants or politicians are friends with, where friendship in politics is all about the kick-backs. This is true whether we're talking about a multi-billion dollar IT project or who gets chosen to clean the office. It's more obvious in the latter case, where there's always that mysterious 100% agency mark-up over simply hiring an employee directly. In the former case, it's about tailoring requirements so that precisely one bidder will be deemed appropriate (the core of this approach being a straightforward lie about what's going to be charged).
  The correct solution is for the government to do its own work. If it finds that it needs outside help, it's probably trying to do something the government shouldn't be doing at all.
2. Re:P2P?! Oh no! by commodore64_love · 2009-02-28 03:03 · Score: 3, Insightful
  
  >>>will stop things like records spreading onto P2P networks.
  Right because the government has never, ever accidentally let private information leak out ("Congressional worker has laptop stolen)." They government has never, ever let anyone have access to my social security number ("State website published millions of SS numbers online"). We can trust the government to keep our stuff secure ("Our records show you were unemployed in 2003." "How do you know that?" "We just called the IRS; they reported your income was near-zero.")
  Go watch GATTACA if you believe having our medical records available to any doctor who asks is such a great idea. With public sharing of formerly-private data, companies can discriminate against unhealthy persons whenever they desire. Here's a link: http://isohunt.com/torrent_details/39287978/GATTACA?tab=summary
  It's bad enough I have a credit score attached to my name, along with how much debt I owe, with which employers can decide to hire or not hire me. Now they'll learn about my heart condition, and in order to reduce medical costs, decide to skip-over me and give the job to someone else.
  This idea is all kinds of bad.
  
  --
  "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
3. Re:P2P?! Oh no! by drewvr6 · 2009-02-28 03:05 · Score: 2, Insightful
  
  On top of being expensive, I have a concern that such a huge system would be extrememly hard to upgrade on a consistent basis. My experience has been that government computer systems (outside of No Such Agency) tend to lag far behind commercial IT infrastructures. Quite possibly due to the massive budget/oversight/scale that the government impliments. I see in our own environment the difficulty in maintaining the most up-to-date versions of our software much less implimenting new technologies as they come to the forefront. Can a beauracracy stay close enough to cutting-edge to warrant the expenditure or are they biting off more than they can chew?
  
  --
  Now we see the violence inherent in the system.
4. Re:P2P?! Oh no! by jellomizer · 2009-02-28 03:10 · Score: 1
  
  I grant that it is expensive though. I also grant that governments are bad at large IT projects and always give it to the lowest bidder.
  Not as expensive as you think. These real solutions not the cheesy hacks also handle the billing and reduce the need for expensive transcriptionist. Normally after they get a service they can save thousands per month. Even more if they get it threw a reputable SaaS who will intern keep proper backups and insure the data security.
  
  --
  If something is so important that you feel the need to post it on the internet... It probably isn't that important.
5. Re:P2P?! Oh no! by Spoogleman · 2009-02-28 03:13 · Score: 0
  
  RIAA P2P smear campaign you say?
6. Re:P2P?! Oh no! by pjt33 · 2009-02-28 03:53 · Score: 1
  
  The security models for medical data which allow your doctor to find out everything he needs to know to treat you without allowing world and dog to find out everything they need to know to discriminate against you have been around for years. I remember them being covered in lectures when I studied CS a decade ago.
7. Re:P2P?! Oh no! by webnut77 · 2009-02-28 03:56 · Score: 2, Insightful
  
  Mod parent up!
  
  When Big Brother collects information about us, the potential for harm far out-weighs the good. I think only I should decide who has access to my medical records. Not some secretary who gets charmed by an insurance company rep or bribed by a scam artist wanting to take advantage of my medical condition.
  
  And billions of dollars! The President and Congress have no concept of how hard we work to get that money.
8. Re:P2P?! Oh no! by ValentineMSmith · 2009-02-28 03:58 · Score: 1
  
  Please someone mod this insightful, intelligent or otherwise freakin' brilliant! There have been discussions of the VA's medical database in the not-too-distant past on Slashdot (too lazy to try to track the links down right now), and they've (rightly) concentrated on the antiquity of the current database management system.
  And, in my opinion, oversight is the problem. If you have enough oversight to keep a$$hats from taking advantage of the system, it becomes virtually impossible to get anything done. Then, you have the inertia of having 20 years worth of medical data that has to at least be accessible from the new system (even if it isn't migrated). If you decrease oversight enough that the system can be responsive, the next thing you know is that everyone starts bring in their brothers/sisters/parents and making them contractors.
  Although, to be fair, system stability is another big problem. When my health is riding on the health of the medical records system in a particular hospital, I want the system to be more stable than I am.
  
  --
  Karma: Chameleon - mostly influenced by bad '80s New Wave music
9. Re:P2P?! Oh no! by Anonymous Coward · 2009-02-28 04:03 · Score: 1, Informative
  
  Now they'll learn about my heart condition, and in order to reduce medical costs, decide to skip-over me and give the job to someone else.
  See GINA. But really the whole point of Health IT is that it's one step towards universal health care. In such a system there won't be discrimination against "pre-existing" conditions and your health history is not your employer's business.
  I understand the privacy concerns and but again the goal is make such fears of discrimination moot.
10. Re:P2P?! Oh no! by RiotingPacifist · 2009-02-28 04:20 · Score: 4, Insightful
  
  >>>will stop things like records spreading onto P2P networks.
  Right because the government has never, ever accidentally let private information leak out ("Congressional worker has laptop stolen)." They government has never, ever let anyone have access to my social security number ("State website published millions of SS numbers online"). We can trust the government to keep our stuff secure ("Our records show you were unemployed in 2003." "How do you know that?" "We just called the IRS; they reported your income was near-zero.")
  An inperfect but well designed system is miles better than the current system.
  
  Go watch GATTACA if you believe having our medical records available to any doctor who asks is such a great idea. With public sharing of formerly-private data, companies can discriminate against unhealthy persons whenever they desire. Here's a link: http://isohunt.com/torrent_details/39287978/GATTACA?tab=summary
  Go watch people die when a doctor doesn't have a full medical record when treating a patient.Wow a sci-fi film must obviously have taken a lot more time to do a cost benifit analysis of the situation, and come to a much better conclusion about what would really happen, than an actual analysis of the situation.
  
  It's bad enough I have a credit score attached to my name, along with how much debt I owe, with which employers can decide to hire or not hire me. Now they'll learn about my heart condition, and in order to reduce medical costs, decide to skip-over me and give the job to someone else.
  This idea is all kinds of bad.
  Erm when did the medical records become public information? Having a system where a doctor (when authorized), can access your medical records (when needed ( with proper punishment when its abused)), is very different from given everybody full access to your medical records.
  
  --
  IranAir Flight 655 never forget!
11. Re:P2P?! Oh no! by RiotingPacifist · 2009-02-28 04:22 · Score: 1
  
  yeah the potential harm, if they are out to get you, outweighs the benifit of you not dying.
  
  --
  IranAir Flight 655 never forget!
12. Re:P2P?! Oh no! by RiotingPacifist · 2009-02-28 04:23 · Score: 2, Insightful
  
  why does it need to be accessible from the latest and greatest system?
  
  --
  IranAir Flight 655 never forget!
13. Re:P2P?! Oh no! by webnut77 · 2009-02-28 04:38 · Score: 2, Informative
  
  yeah the potential harm, if they are out to get you, outweighs the benifit of you not dying.
  Where there is money to be made (or for that matter, power to be gained) they are out to get you.
  
  Explain the part about dying.
14. Re:P2P?! Oh no! by ValentineMSmith · 2009-02-28 04:39 · Score: 1
  
  Well, it doesn't have to be accessible from the absolute latest and greatest system. However, we're talking about a DBMS old enough that it is still hierarchal instead of relational. None of the common commercial tools available for other relational systems really work with the VA's system. Then, it makes it very difficult to get qualified people to work on (and audit) your systems when they're so old that all the experts are pretty much homegrown.
  
  --
  Karma: Chameleon - mostly influenced by bad '80s New Wave music
15. Re:P2P?! Oh no! by neal3350 · 2009-02-28 04:58 · Score: 1
  
  P2P vs electronic medical records are not really that related. Although I agree the government has not always kept records safe, neither has private industry. I thought the main problem that electronic medical records was meant to fix was making sure information could get from one doc or insurance company correctly and securely. At least several years ago when I looked at this, the insurance company had an incentive to have things mis-tagged so they don't have to pay. Therefore they were reluctant to standardize systems.
16. Re:P2P?! Oh no! by mattwarden · 2009-02-28 05:13 · Score: 2, Insightful
  
  Spoken like an IT genius who doesn't understand a thing about non-technical business folk, especially non-technical government folk.
  Would you care to estimate the percentage of end users who will copy&paste everything from this shiny new fully-encrypted fully-audited health records management system into their personal collection of word docs and excel sheets?
17. Re:P2P?! Oh no! by p0tat03 · 2009-02-28 06:16 · Score: 3, Insightful
  
  That makes no sense. Public health care has nothing to do with an advanced IT system; up here in Canada we didn't have anything that can even share files between doctors until relatively recently (less than a decade). The public health care system works without it.
  The GP's point is that given this sort of system in a private health care environment, abuse is not only probable, but inevitable.
18. Re:P2P?! Oh no! by Anonymous Coward · 2009-02-28 06:28 · Score: 0
  
  Well you being a Canadian I'll assume you haven't been paying close attention to American politics. But the main reason behind Health IT is to make the system more efficient thereby decreasing costs. The money supposedly saved (among other cuts and increases in taxes) contributes towards funding a universal health care policy.
19. Re:P2P?! Oh no! by Anonymous Coward · 2009-02-28 07:48 · Score: 0
  
  Putting real money into a real electronic system with access controls and a audit trail is a GOOD thing and will stop things like records spreading onto P2P networks.
  No it won't. You need look no further than what has already happened with Medicare and its mandatory use of SSNs by private health insurers to check on Medicare eligibility (see USC 42 1395y) to see that having this information spread out across hundreds of thousands of doctor's offices and thousands of private health insurers and group health plan administrators will leak information in more ways than you can even imagine, no matter how hard you try.
20. Re:P2P?! Oh no! by Anonymous Coward · 2009-02-28 08:09 · Score: 0
  
  One reason why we in government tailor bids to get a specific company to win is because we analyzed the problem and found that this piece of hardware from company x has all the features we need. Once it goes into an open bid if the specs were not nailed down to the bolts on the box, what you end up with won't work properly and you just wasted tons of money. Now if two companies have the same features and both are interchangeable then most likely the cheapest bidder will win. And you must consider all the factors at play, not just the written price.
21. Re:P2P?! Oh no! by bonch · 2009-02-28 08:20 · Score: 0, Troll
  
  I grant that it is expensive though. I also grant that governments are bad at large IT projects and always give it to the lowest bidder.
  Seems like you just tore down your own argument here...
  The problem isn't the idea of an electronic system. The problem is the government being involved. Governments fuck things up, constantly. Obama seems to be a big government guy. This scares me.
22. Re:P2P?! Oh no! by Heather+D · 2009-02-28 10:46 · Score: 1
  
  If it is properly implemented it would be an improvement. Since it seems that we're going to get it anyway here's to hoping that it is done right.
23. Re:P2P?! Oh no! by Heather+D · 2009-02-28 10:58 · Score: 1
  
  Would you care to estimate the percentage of end users who will copy&paste everything from this shiny new fully-encrypted fully-audited health records management system into their personal collection of word docs and excel sheets?
  Probably about the same as those who do it now.
  That is if the system is not done right. And yes it probably won't be. I've described secure systems to people before and it's rare to get past the "No removable drives or personal files allowed." part before they start campaigning to neuter it.
  A real secure system would prevent this sort of thing but the odds that we'll ever actually develop the spine needed to implement such a system are close to zero.
24. Re:P2P?! Oh no! by fwr · 2009-02-28 13:30 · Score: 1
  
  I don't think it is actually that difficult to create a system that does not allow copying of patient data into the clipboard. You should be able to prevent screen shots when critical data is displayed also. I'm uninterested enough to avoid spending the time looking up whether this is actually possible with the existing Windows or X API's, but there's no reason why this functionality can't be provided.
25. Re:P2P?! Oh no! by Max+Threshold · 2009-02-28 13:47 · Score: 1
  
  Exactly. For years I've amused myself by putting common file extensions like "doc" and "pdf" into the search fields of P2P clients. It's amazing, some of the sensitive private stuff that turns up.
26. Re:P2P?! Oh no! by RiotingPacifist · 2009-02-28 13:48 · Score: 1
  
  1) You get hit by a car or are otherwise rushed to A&E unconscious.
  2) You have a rare medical condition/allergy.
  3) The Doctor doesn't have time to make the phone calls to get your medical records.
  4) He treats you with the generic cure (that reacts badly with your condition/allergy).
  5) Death
  I much prefer:
  3) Doctor/nurse takes your wallet and gets your medical records
  4) He treats you with the alternative treatment
  5) Life
  
  --
  IranAir Flight 655 never forget!
27. Re:P2P?! Oh no! by webnut77 · 2009-02-28 13:58 · Score: 1
  
  OR
  
  3) Doctor/nurse takes your wallet and finds your allergy card (could also get telephone numbers for your doctor, wife, neighbor, pharmacy, etc.)
28. Re:P2P?! Oh no! by RiotingPacifist · 2009-02-28 14:33 · Score: 1
  
  An allergy card isnt going to have "currently being treated for X with Y" on it
  Nor will you tell your wife/neighbor your being treated for X which you caught of some hooker, and in a time critical situation, when your doctor (which is the only safe bet anyway as you may not have a wife/give your neighbors a full medical history) may not even be awake, looking up your details in a DB is a hell of a lot faster than making a phone call.
  
  --
  IranAir Flight 655 never forget!
29. Re:P2P?! Oh no! by commodore64_love · 2009-02-28 23:36 · Score: 1
  
  This is all a moot point if you are currently unemployed, because no employer will hire you because you have a disease, which the employer discovered by looking-at your medical records.
  
  --
  "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
30. Re:P2P?! Oh no! by commodore64_love · 2009-02-28 23:41 · Score: 2, Informative
  
  >>>your health history is not your employer's business.
  It's not their business about my IRS or SS earnings either, and yet a potential employer (CarMax) still managed to recover my annual income levels for the last 10 years, and uncovered that I was unemployed for most of 2003 ("You're income levels were near-zero that year; what happened?"). You're naive if you think your information is secure.
  
  --
  "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
31. Re:P2P?! Oh no! by Anonymous Coward · 2009-03-01 02:40 · Score: 0
  
  An inperfect but well designed system is miles better than the current system.
  Not. With the current system your records may be exposed if you are very unlucky and it's very unlikely they will be exposed to someone who actually cares about them. With the new system anybody's records can be accessed and sold by a corrupt employee. Everyone is vulnerable.
  
  Go watch people die when a doctor doesn't have a full medical record when treating a patient
  Then give me a smartcard with my records on. I always carry my wallet. If I'm unlucky enough to simultaneously lose my wallet and suffer a medical emergency then the hospital won't be able to identify me and access my records anyway.
  
  Erm when did the medical records become public information? Having a system where a doctor (when authorized), can access your medical records (when needed ( with proper punishment when its abused)), is very different from given everybody full access to your medical records.
  At the same time all the other records that are constantly leaked became public information. That is, never. Doesn't stop them leaking though.
  To reiterate. As long as none of the six employees at my local medical practice are corrupt my records are safe. Under the new system my records are safe as long as nobody in the entire country is corrupt.
  Every process that could make the system secure won't be implemented because it will "take money from patient care".
32. Re:P2P?! Oh no! by mattwarden · 2009-03-01 16:09 · Score: 1
  
  It's not possible. If you display the data, it can be copied. This goes back to the old DRM arguments.
33. Re:P2P?! Oh no! by mattwarden · 2009-03-01 16:14 · Score: 1
  
  > A real secure system would prevent this sort of thing
  There is no such thing, unless you're going to allow no access at all to the data. The best you can hope for is to make it difficult enough that non-technical doctors won't know how or won't care to circumvent your road blocks.
34. Re:P2P?! Oh no! by fwr · 2009-03-01 16:16 · Score: 1
  
  There are limits that the OS, or GUI environment, can place on copying the data. Sure, a doctor can take a picture of the screen, but how likely is that, really? If you don't allow copy and paste within the application, and you deny screen capture, then that would avoid 95% of the issue. There will be that 5% that takes a picture of the screen, if that, but then you are talking about a concerted effort to copy patient data and that can be handled by laws or regulations.
35. Re:P2P?! Oh no! by mattwarden · 2009-03-02 03:06 · Score: 2, Informative
  
  If the data is being displayed, then it is unencrypted in memory. The doctor doesn't have to do anything. An enterprising IT individual who understands the doctor's wishes to manage the data in their own way will write a tool -- perhaps even open source -- that will extract the data from memory and output to a comma separated file. Done.
36. Re:P2P?! Oh no! by Heather+D · 2009-03-04 14:54 · Score: 1
  
  There is no such thing, unless you're going to allow no access at all to the data. The best you can hope for is to make it difficult enough that non-technical doctors won't know how or won't care to circumvent your road blocks.
  That would be good enough. Most security breaches come from convenience. Things like Flash drives walking out the door and such. When we have a system that's as secure as a good filing cabinet we can call it secure. As it is now we might as well just put the files in a public library in some cases.
37. Re:P2P?! Oh no! by jabster · 2009-03-05 03:53 · Score: 1
  
  I think you're missing the point of a "universal health care database."
  The point is NOT to enable any doctor access to your health care information (as you change doctors, see a specialist, etc).
  The point is to that the GOVERNMENT has access to all of your health care information. That's why this is A Bad Thing(tm).
  P2P and lack of security is a diversion.
  Obama wants the single format health care information so that he can, in the not to distant future, start a) taxing you on your health status (Oh, you gained 5 pounds, your insurance premium goes up); and b) "better" determine who gets access to rationed medical procedures once "universal" coverage comes into play (Let's see...two people need a bypass operation...this one smokes....give it to the other guy who's only mildly overweight).
  
  --
  Slashdot: you'll not find a more wretched collection of villainy and disreputable types...
38. Re:P2P?! Oh no! by mattwarden · 2009-03-06 10:38 · Score: 1
  
  No, sorry, that is not "good enough" for my medical information. You are comparing against a data breach that currently requires physical access and for which we have centuries of preventative and reactive security techniques. There is very little accountability for electronic data breaches. Everyone just sort of shrugs and says "these things happen." If someone breaks into a medical office, that is not at all the response.
Wrong issue by ZouPrime · 2009-02-28 02:24 · Score: 5, Insightful

The issue here aren't P2P networks. The issue is government employees either loading confidential data on non-approved environments, or unauthorized software being installed on supposedly restricted environments. Both these problems must be addressed with traditional security controls that are completely independent of P2P technologies.
1. Re:Wrong issue by evilkasper · 2009-02-28 02:28 · Score: 5, Insightful
  
  Exactly until they people handling the sensitive or classified material learn how to handle it with the care it needs we will keep seeing things like this. I mean how many times a week do we see something about a lost or stolen laptop or device that contained sensitive information. The issue (as per normal) is the USERS
2. Re:Wrong issue by evilkasper · 2009-02-28 02:29 · Score: 1
  
  wow I should drink coffee before posting... typos
3. Re:Wrong issue by ValentineMSmith · 2009-02-28 02:33 · Score: 5, Insightful
  
  Neither the story nor the summary mentioned anything about government employees. The private sector is just as capable of screwing up as the government is.
  
  --
  Karma: Chameleon - mostly influenced by bad '80s New Wave music
4. Re:Wrong issue by ZouPrime · 2009-02-28 02:36 · Score: 1
  
  Oh I'm sorry, you're perfectly right.
  I live in a country where most healthcare providers ARE government employees...
  My mistake.
5. Re:Wrong issue by Anonymous Coward · 2009-02-28 02:37 · Score: 0
  
  The private sector is just as capable of screwing up as the government is.
  
  I'd argue that the private sector is more likely to screw it up. After all, they're only in it for the money.
6. Re:Wrong issue by ValentineMSmith · 2009-02-28 02:42 · Score: 1
  
  No worries! I'm a government employee involved with electronic medical records, and I tend to get a bit thin-skinned about such things. Sorry if I sounded grouchy! (Off in search of coffee.)
  
  --
  Karma: Chameleon - mostly influenced by bad '80s New Wave music
7. Re:Wrong issue by mc1138 · 2009-02-28 02:46 · Score: 3, Informative
  
  I used to work as an IT outsourcer, and security becomes a big headache with lots of Doctors. Quite often Doctors like to be able to work from home either via VPN or some other remote solution, or just taking work home with them. Then comes the problem that most of them aren't very technically inclined and/or let their kids do whatever they want. It doesn't matter how much training or what you implement, Doctor's especially those with private practices will always find a way to mess things up and pose security risks.
  
  --
  The musings of just another geek and his junk.
8. Re:Wrong issue by Sanat · 2009-02-28 02:58 · Score: 1
  
  Exactly which word is misspelled? Perhaps the punctuation could be a little different but no typo's that I see.
  
  --
  And in the end, the love you take is equal to the love you make
9. Re:Wrong issue by Anonymous Coward · 2009-02-28 03:00 · Score: 0
  
  The Private sector insurance companies transfer all of the medical files to countries with lower wages to type it all in.
10. Re:Wrong issue by commodore64_love · 2009-02-28 03:06 · Score: 1
  
  If Uncle Sam healthcare ever happens in the U.S., I think I'm going to be frequently sick. As long as I'm paying $10,000 a year in health taxes, I might as well get my money's worth:
  "Doctor I ate too much pizza. Can you cure my heartburn?"
  "Doctor I stubbed my toe. Can you X-ray it to make sure it's okay?"
  "Doctor I have a papercut. Can you wrap my finger?"
  
  --
  "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
11. Re:Wrong issue by Anonymous Coward · 2009-02-28 03:08 · Score: 0
  
  Are you trying to refute or support my argument?
12. Re:Wrong issue by Anonymous Coward · 2009-02-28 03:20 · Score: 0
  
  Considering you made typos a possessive, I'm not surprised you didn't see his typo. Unless you consider "they people" to be correct grammar.
13. Re:Wrong issue by __aajwxe560 · 2009-02-28 03:23 · Score: 3, Interesting
  
  The private sector indeed is just as capable at screwing this up. In my own experience doing some moonlighting systems/network consulting, I have come across a Doctor's office that had a wide open network hanging off of a cable modem connecting with a Comcast business account, no firewall, Windows desktops completely open. The home-based DLink router they had as a central hub did actually have some base firewall capabilities, but was a previous consultant thought it was interfering with a software capability to talk to the insurance company, and so thoughtfully turned it off completely.
  
  You would think a hospital with their own full time technical staff might rank better. A prominent Boston area hospital was building out a branch location in the suburbs. I visited to install an Oracle server, and noticed that because of constraints on network cabling at the time, they were using Linksys wireless through-out the office for connectivity, with no encryption. I raised this concern immediately with the director of the office, but was told not to worry, as this was only a "temporary" solution until they could get a cabling vendor in to run something more formal. My largest concern was that this office was still directly tied into the back-end of the main hospital data network, and thus, from the parking lot, it was trivial at best to get onto the hospital network.
  
  I understand these are only two limited examples, but their still lacks any real capabilities to be able to keep medical records secure through-out the chain. Until something akin to PCI for medical records really takes place, complete with audit controls, etc, I don't see the situation changing all that much. PCI itself has flaws, but it is an attempt to actually place controls on credit card data from swipe to credit card company.
14. Re:Wrong issue by cheesybagel · 2009-02-28 03:24 · Score: 1
  
  Just don't store anything client side then. I see nothing that doctors do that needs to be stored in the client side. Text medical records? Google Docs does it way beyond anything needed for that. X-rays? Google maps can visualize high-resolution images. None of those apps are client side. Just add password login and SSL encryption and you're done.
15. Re:Wrong issue by Registered+Coward+v2 · 2009-02-28 03:29 · Score: 1
  
  Exactly until they people handling the sensitive or classified material learn how to handle it with the care it needs we will keep seeing things like this. I mean how many times a week do we see something about a lost or stolen laptop or device that contained sensitive information. The issue (as per normal) is the USERS
  While I fully agree that it is a user issue; i do not absolve p2p networks fully of any responsibility.
  Proper system design can help avoid such issues without user intervention. For example, file sharing should require user intervention to select the type, location, and other attributes of files to be shared. Sharing should not be enabled by default.
  While users can (and will) still do stupid things; proper systems design can help avoid problems. Having been involved with human factors design, I've seen plenty of cases of operator error where the system played a key role in enabling the error. To simply blame the error on the operator fails to solve the problem.
  
  --
  I'm a consultant - I convert gibberish into cash-flow.
16. Re:Wrong issue by PIBM · 2009-02-28 03:29 · Score: 1
  
  There's an easy way to prevent you from doing this. They will have you sit in the waiting room for 48+ hours, and you won't have the right to leave it until seen by a doctor. You'll learn fast enough not to come back until you really need it ;)
17. Re:Wrong issue by Boomerang+Fish · 2009-02-28 03:33 · Score: 1
  
  I dunno...
  It's easier to sue a private entity than a government, esp since the government can pass legislation limiting damages it's liable for and even what it can be liable for.
  I suppose they could do so as well for the private sector, but that would be considered tort reform and we can't have a government of lawyers limiting the fees their brethren can take in, now can we?
18. Re:Wrong issue by ValentineMSmith · 2009-02-28 03:39 · Score: 1
  
  Well, all of our systems are set up to store patient info only in the remote database: none of the systems store patient info locally. However, we distinctly do NOT use Google. I'm firmly in favor of Google as a search engine, but the concept of storing medical info and data in something like Google Docs just leaves me cold and clammy.
  
  --
  Karma: Chameleon - mostly influenced by bad '80s New Wave music
19. Re:Wrong issue by budgenator · 2009-02-28 03:53 · Score: 0
  
  One of the largest stashes of medical data Johnson discovered during two weeks of research he conducted in January was a database containing two spreadsheets from a hospital he declined to identify. The files contained records on 20,000 patients, which included names, Social Security numbers, insurance carriers and codes for diagnoses. The codes identified by name four patients infected with AIDS, the mental illnesses that 201 others were diagnosed as having and cancer findings for 326 patients. Data also included links to four major hospitals and 355 insurance carriers that provided health coverage to 4,029 employers and 266 doctors. File-sharing networks used to uncover thousands of medical records
  
  The law gave the job of enforcement to HHS, including the authority to impose fines of $100 for each civil violation, up to a maximum of $25,000. HHS can also refer possible criminal violations to the Justice Department, which could seek penalties of up to $250,000 in fines and 10 years in jail. Medical Privacy Law Nets No Fines
  20,000 violations * $25,000 per violation fine = $500,000,000.00 in totals fines; I don't see the problem! Seriously tell someone they owe a half a billion dollars in fines it's going to get the attention of the whole community.
  
  --
  Apocalypse Cancelled, Sorry, No Ticket Refunds
20. Re:Wrong issue by transporter_ii · 2009-02-28 04:03 · Score: 1
  
  none of the systems store patient info locally
  So what about spyware, key loggers, and other various malware? Customer data could still be exposed if it was assumed that it was safe just because it wasn't stored client side.
  
  --
  Doctors destroy health, lawyers destroy justice, universities destroy knowledge, religion destroys spirituality
21. Re:Wrong issue by ValentineMSmith · 2009-02-28 04:14 · Score: 1
  
  That assumption isn't made. They keep a pretty close eye on outbound traffic as well. But your point is well made. :)
  
  --
  Karma: Chameleon - mostly influenced by bad '80s New Wave music
22. Re:Wrong issue by Ihmhi · 2009-02-28 04:41 · Score: 2, Funny
  
  but the concept of storing medical info and data in something like Google Docs just leaves me cold and clammy.
  Considering that as well as the other symptoms I read on your chart that I downloaded from Limewire, I really think you should see your doctor!
  
  --
  Random Thoughts From A Diseased Mind (Not For Dummies)
23. Re:Wrong issue by e4g4 · 2009-02-28 04:50 · Score: 1
  
  Unless you consider "they people" to be correct grammar.
  Of course it isn't... every edumacated man knows he meant "them people."
  
  --
  The secret to creativity is knowing how to hide your sources. - Albert Einstein
24. Re:Wrong issue by mattwarden · 2009-02-28 05:16 · Score: 1
  
  Congrats. I think the point, though, is that security vulnerabilities exposing the worker's pictures to their trip to Cancun are a little less of an issue as if that same security vulnerability exposes my medical information. Your comment is analogous to saying: the problem isn't that your storing gold in the unlocked room; the problem is that it's unlocked. Yes, you're right; but it is still stupid to put gold in the room until it's lockable.
25. Re:Wrong issue by mattwarden · 2009-02-28 05:28 · Score: 1
  
  Ok. Allow them to work locally against encrypted files.
26. Re:Wrong issue by Anonymous Coward · 2009-02-28 05:40 · Score: 0
  
  I prank call 911 all the time lol
27. Re:Wrong issue by Anonymous Coward · 2009-02-28 06:01 · Score: 0
  
  Proper system design can help avoid such issues without user intervention. For example, file sharing should require user intervention to select the type, location, and other attributes of files to be shared.
  That's exactly how every p2p program works.
  Sharing should not be enabled by default.
  Well, you ARE installing a program to ... share files. Why shouldn't sharing be on by default? That's the whole point of the program.
28. Re:Wrong issue by mc1138 · 2009-02-28 07:50 · Score: 1
  
  Oh I agree, but inevitably there are still ways to circumvent that, doing a word document ahead of time and copying the information in, needing pdf files for who knows what, fax to desktop is another one where documents start flying all over the place. Digital records are only as good as the people using them, not the people implementing them.
  
  --
  The musings of just another geek and his junk.
29. Re:Wrong issue by mc1138 · 2009-02-28 07:51 · Score: 1
  
  That's the thing with Doctors, you don't "allow" them to do anything, you suggest and try to guide them. Beyond that there are still lots of ways to circumvent all of that both intentionally and unintentionally.
  
  --
  The musings of just another geek and his junk.
30. Re:Wrong issue by brusk · 2009-02-28 07:55 · Score: 1
  
  "They people." is a perfectly grammatical sentence.
  
  Q: What do settlers arriving in an uninhabited area do?
  A: They people.
  
  --
  .sig withheld by request
31. Re:Wrong issue by Anonymous Coward · 2009-02-28 08:00 · Score: 0
  
  I see nothing that doctors do that needs to be stored in the client side.
  You have obviously never worked with doctors. You cannot tell them anything, and you cannot change their behaviour. They will take information home. They will lose their laptops. If you try to add password login and SSL encryption to everything, they will stick a piece of masking tape with the password written on it with a Sharpie on the top of the laptop. They won't tell you they've lost a laptop until they need to get in again, and there isn't a damned thing you can do about any of it.
  If you store patient data and SSNs in your ultrasecure uber encrypted hypervault and you only allow doctors to access your hypervault when they absolutely need to, then you will lose that data, guaranteed.
32. Re:Wrong issue by brusk · 2009-02-28 08:03 · Score: 1
  
  Yeah, moral hazard. It exists in any insurance scheme, and it's a problem, but it's not likely to be as bad as you imagine. Almost everyone's time is worth more than the "value" of a frivolous doctor's visit. The question is always whether the moral hazard will outweigh the increased benefit of universal coverage. For example, pretty much everywhere in the developed world we've agreed that universal, free firefighting is a good thing, even though it slightly increases the moral hazard around fire safety (if I know that someone is going to put out a house fire, I'm slightly more likely to do unsafe things and less likely to do things that increase safety). The experience of countries with universal, single-payer health coverage seems to be that the moral hazard is not so great that it outweighs the benefit.
  
  --
  .sig withheld by request
33. Re:Wrong issue by brusk · 2009-02-28 08:09 · Score: 1
  
  I see nothing that doctors do that needs to be stored in the client side.
  Medevac helicopters? Other work in remote locations? There could probably be less data client-side than now, but I doubt it could be completely eliminated.
  
  --
  .sig withheld by request
34. Re:Wrong issue by nicolas.kassis · 2009-02-28 08:24 · Score: 1
  
  Yes because 6 million dollars for a simple mistake(or lie cause not all of these cases are true) is really the correct way to make doctors want to help you out. Look the Court system has been abused and this isn't capitalism at all. Nothing in capitalism says anything about emotional damages and other bullshit like that.
35. Re:Wrong issue by Attila+Dimedici · 2009-02-28 08:28 · Score: 1
  
  There's an easy way to prevent you from doing this. They will have you sit in the waiting room for 48+ hours, and you won't have the right to leave it until seen by a doctor. You'll learn fast enough not to come back until you really need it ;)
  It also is a great way to save costs, a fair number of people will die before they get to see the doctor so the government won't have to pay for their treatment. Win/win.
  
  --
  The truth is that all men having power ought to be mistrusted. James Madison
36. Re:Wrong issue by Jah-Wren+Ryel · 2009-02-28 09:36 · Score: 1
  
  20,000 violations * $25,000 per violation fine = $500,000,000.00 in totals fines; I don't see the problem! Seriously tell someone they owe a half a billion dollars in fines it's going to get the attention of the whole community.
  Who will do one of two things:
  Either they will leave the community, or enough of them will hire lobbyists to change the laws so that such fines will never happen again.
  
  --
  When information is power, privacy is freedom.
37. Re:Wrong issue by Heather+D · 2009-02-28 11:02 · Score: 1
  
  You know people already do these sorts of things right?
  We already have what amounts to socialized medicine. It's too late to complain effectively about it now.
38. Re:Wrong issue by internettoughguy · 2009-02-28 11:20 · Score: 1
  
  you will still pay for those visits, we have socialist health care here, and it costs about US $25 dollars for a doctors visit depending on your income. do your research before making inane comments.
39. Re:Wrong issue by fwr · 2009-02-28 13:33 · Score: 1
  
  And the ironic part is that the most likely reason why they had to wait to get someone out to pull some basic cables is that they probably had to use union labor. And the government was responsible for allowing unions.
40. Re:Wrong issue by Anonymous Coward · 2009-02-28 13:56 · Score: 0
  
  try firing the gov't next time it screws up.
41. Re:Wrong issue by Anonymous Coward · 2009-02-28 14:27 · Score: 0
  
  I used to work as an IT outsourcer,
  Me too!
  
  and security becomes a big headache with lots of Doctors. Quite often Doctors like to be able to work from home either via VPN or some other remote solution, or just taking work home with them. Then comes the problem that most of them aren't very technically inclined and/or let their kids do whatever they want.
  Also lawyers! I have seen exactly as above. Hard to say which poses a greater risk to your health.
42. Re:Wrong issue by Anonymous Coward · 2009-02-28 14:59 · Score: 0
  
  In support.
  Data is already in the hands of the enemy, and they are paid to mine it.
43. Re:Wrong issue by Anonymous Coward · 2009-02-28 18:39 · Score: 0
  
  Wow, that's some in-depth analysis there, dude. Let me guess - you get most of your news and opinions shouted at you by guys on cable, right?
44. Re:Wrong issue by commodore64_love · 2009-02-28 23:45 · Score: 1
  
  >>>They will have you sit in the waiting room for 48+ hours
  Good thing I enjoy reading. Whether I sit at home and read, or in a room and read, matters not to me. I paid ~$10,000 in healthcare and I'm going to get the service due to me. Government is supposed to be non-discriminatory, right?
  
  --
  "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
45. Re:Wrong issue by commodore64_love · 2009-02-28 23:48 · Score: 1
  
  >>>a fair number of people will die before they get to see the doctor so the government won't have to pay
  Ahhh. You've experienced either Canadian or UK governmentcare then? ;-)
  
  --
  "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
46. Re:Wrong issue by commodore64_love · 2009-02-28 23:51 · Score: 1
  
  Um. Some of the U.S. might have free firefghting, but not the section where I live. We have to pay annual dues, or alternatively be billed afterwards.
  Also I disagree with your idea that knowing a firefighter is available, makes people more careless. By the time the fire engine arrives, your whole house will be engulfed in flames. By the time the firefighters are done spraying water, there's almost nothing left, and nobody wants that to happen. People are just as careful to avoid fire as if the firefighters did not exist.
  
  --
  "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
47. Re:Wrong issue by commodore64_love · 2009-02-28 23:54 · Score: 1
  
  >>>We already have what amounts to socialized medicine. It's too late to complain effectively about it now.
  Yeah but I'm not eligible for Medicare until I'm old. So I don't go to the doctor because there's no "freebie" service.
  
  --
  "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
48. Re:Wrong issue by commodore64_love · 2009-03-01 00:00 · Score: 1
  
  >>>do your research before making inane comments.
  That's one solution. The other solution is to share my thoughts publicly, and then have foreigners (like you) tell me about the $25 Copay and correct me. It's the Socratic method.
  Of course if I am paying ~$10,000 in healthcare tax, I'm still better off trying to get as much service out of the government as I can. For example right now I'm sick with a cold. Normally I'd just stay at home and wait for my body to cure itself, but if I can get free medicine from my government, then I'm better off going into the doctor's office. $10,000+25 is not a huge difference in personal expenditure.
  In fact I could make 50 visits, essentially one a week, and still have a pretty good deal overall ($10,000 + $1250). I'm better off making use of the government's service, rather than staying home and paying $10,000 for nothing.
  
  --
  "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
49. Re:Wrong issue by fwr · 2009-03-01 03:51 · Score: 1
  
  Nope, I've installed networks in hospitals for the last 15 years, and had the pleasure of working all over the US in areas that both were forced to use union labor for cable pulls and those that were not. My comments come from personal experience, not some far-right cable news guys.
50. Re:Wrong issue by geekboy642 · 2009-03-01 05:16 · Score: 1
  
  I assume you currently hold a health insurance policy. What possible motivation do you have to not exploit this policy on a weekly basis for trivial conditions? There is no fiscal difference between paying a large sum to Aetna and paying a large sum to Uncle Sam. A quick perusal via google shows an example yearly cost of about $7000 for the average basement-dweller. Shouldn't you get your money's worth out of that?
  
  --
  Just another "DOJ fascist authoritarian totalitarian bootlicker" -- Zeio
51. Re:Wrong issue by internettoughguy · 2009-03-03 22:33 · Score: 1
  
  i think you grossly overestimate how much extra tax you will pay :), for instance on 10 September 2001 Donald Rumsfeld announced that the pentagon could not account (ie they payed twice for stuff) for 3 trillion dollars of taxpayer money, thats $5,000 for every man woman and child. re-factor that spending in more intelligent and perhaps more socialist ways, and indeed you find you have free health care- for free. or rock on down to the pentagon and ask for your tax money back, in bazookas! but seriously, the doctor will refer you to a mental-health specialist, for an acute case of hypochondria if you act like that.
We need to secure the Internet. by Anonymous Coward · 2009-02-28 02:36 · Score: 0

The problem here is one of trust: right now, you can trust the Internet to carry all sorts of information to all sorts of people.
The answer is to expect some measure of caution: to carefully remove the more dangerous aspects and protocols of this most wonderful medium, so that its best parts are allowed to shine.
Imagine how great it would be if in the future a doctor around the world could just drag and drop health records into an online folder and know those records will get to your physician -- and no one else. The price may be P2P, but the purchase is virtually limitless.
1. Re:We need to secure the Internet. by Anonymous Coward · 2009-02-28 02:58 · Score: 0
  
  how would you suggest this "removal" be accomplished without interfering with "legitimate" (as you might see them) uses?
2. Re:We need to secure the Internet. by base3 · 2009-02-28 02:58 · Score: 1
  
  How about the medical establishment establish their own secure network for that and keep their grubby hands off the Internet?
  
  --
  One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
The government doesn't give ... by Anonymous Coward · 2009-02-28 02:40 · Score: 0

Just days after President Obama signed a law giving billions of dollars ...
Let's be clear, because it appears that more and more people do not understand how the government works.
The president, nor congress, "give" money. You cannot give what is not yours. What is happening is that the government is using the police power of state to take money from its citizens and then redistributing that money. That is what happens every time congress passes an appropriation. So, just keep that mind every time you see congress being "generous". They took that money from you and me at gun point to give to someone else.
1. Re:The government doesn't give ... by Anonymous Coward · 2009-02-28 02:50 · Score: 0
  
  Hey, let's be REALLY clear. Without government-backed money, you'd be "giving" chickens or little hand-made doilies in exchange for your internet service. And people are so god-awful stubborn that without someone to take their money at gunpoint and spend it on things like roads and electrification, we'd probably still be living in a feudal horse-and-buggy world.
  So just keep that in mind every time you see a Randroid being "conservative": what they want to conserve is a world where everyone is free to spend all their time using their precious guns to guard their precious stash of "real money" gold coins.
  
  Just days after President Obama signed a law giving billions of dollars ...
  Let's be clear, because it appears that more and more people do not understand how the government works.
  The president, nor congress, "give" money. You cannot give what is not yours. What is happening is that the government is using the police power of state to take money from its citizens and then redistributing that money. That is what happens every time congress passes an appropriation. So, just keep that mind every time you see congress being "generous". They took that money from you and me at gun point to give to someone else.
2. Re:The government doesn't give ... by mspohr · 2009-02-28 02:55 · Score: 2, Funny
  
  I personally pay my taxes by check in the mail and no guns are involved. If you are paying your taxes at gunpoint then I think you may be doing it wrong. Perhaps you are actually paying it to a local bandito group.
  There are several things to check. 1. Do you get a receipt? 2. Do they say thank you? 3. Do you have an opportunity to fill out a customer service questionnaire? 4. Do they have a toll free number to call if you have questions about your payment?
  If you cannot answer 'Yes' to all of these questions, then the people with guns are probably not a legitimate government and you should call your local sheriff to run them off. (You can find the number for your local sheriff in the telephone book under 'Government services'. The sheriff is funded by your taxes and is happy to assist in running off banditos.)
  
  --
  I don't read your sig. Why are you reading mine?
3. Re:The government doesn't give ... by webnut77 · 2009-02-28 04:05 · Score: 1
  
  Mod parent up!
  
  When the government "gives" or "spends" it has got to come from somewhere. And that somewhere is your and my wallets. Government spending will result in either higher taxes or increased inflation.
4. Re:The government doesn't give ... by Anonymous Coward · 2009-02-28 15:03 · Score: 0
  
  So how about we take away all the roads you drive on, all the public schooling you've ever had, and all the food inspections performed on all the food you eat for your choice to not pay any taxes?
Wouldn't a better headline be... by scbomber · 2009-02-28 02:44 · Score: 2, Insightful

"Clueless docs store patient data on wide-open PCs?"
1. Re:Wouldn't a better headline be... by messner_007 · 2009-02-28 03:03 · Score: 1, Redundant
  
  Or: "Doctors already successfully sharing their patients data".
2. Re:Wouldn't a better headline be... by cheesybagel · 2009-02-28 03:32 · Score: 1
  
  Know any doctor with tens of thousands of patients? I don't. I suspect it was either a hospital or, even more likely, insurance company clerical worker.
3. Re:Wouldn't a better headline be... by Anonymous Coward · 2009-02-28 06:58 · Score: 0
  
  (I work in this industry for an insurance claims clearinghouse...I work on setting up the billing for anything from a one doc office to large hospitals or billing services...the oh so rare /. article that is directly in my wheelhouse)
  
  Practice management software stores the info of every patient a doctor is currently seeing, and has ever seen. Throw in the fact that most offices have more than one doctor and you might get to 10K records faster than you think.
  
  I doubt it was an insurance company..from the clearinghouse level up the HIPPA laws are taken very seriously. I'm not saying that it couldn't happen, just that it would be such a disaster for a clearinghouse or a non-gov't payer to lose patient data that the employees are given training on how to handle it. Ofc, it only takes one bad user...
  
  I see a lot of incredibly unsecure one doc offices...But, shockingly enough, I see a fair amount of hospitals that are pretty lax too. The biggest offenders IMO are billing services. It's a big mom and pop business model for a lot of people, and they usually have absolutely no IT support. All their customers care about is how good they are about getting the claims paid, not the configuration of their network. And the computer they usually use is just the family computer, so yes their kids get on it when they come home from school and install whatever they want to on them.
  
  There is a large UNIX(to make matters worse, almost always SCO) based system called The Medical Manager. You would think that since it's UNIX that it would be more secure...and if you set it up right, ofc, it is. Here's the funny thing though, I GUARANTEE you that I could cold call doctors offices I knew were using it and with a success rate well above 50% come away with the modem number and the root(!) password. If they didn't have a modem I could probably just have them connect me with the remote connection software of my choice. Someone connecting to your desktop is so common in the industry that most users don't think twice about it. All your records are belong to me!
Re: torrent by Anonymous Coward · 2009-02-28 03:05 · Score: 0

plz seed
a new system + goverment funding = bad idea by mcfatboy93 · 2009-02-28 03:06 · Score: 1

able to uncover tens of thousands of medical files containing names, addresses and Social Security numbers for patients seeking treatment for conditions
This is a disaster waiting to happen.

--
Its not my fault, someone put a wall in my way.
Comment removed by account_deleted · 2009-02-28 03:14 · Score: 2, Interesting

Comment removed based on user account deletion
The real problem here... by jsiren · 2009-02-28 03:24 · Score: 2, Insightful

If a doctor kept medical records on paper in a filing cabinet at home, would they let anybody else touch that cabinet?
The real problem here is that doctors take patient information home on a laptop, then allow somebody else to access that laptop. It's easiest to just get another laptop for the kids and not let them near your work computer.

--
Usage: km/h for speed (kilometers per hour); kph for very slow impulses (kilopond hours).
1. Re:The real problem here... by Anonymous Coward · 2009-02-28 05:04 · Score: 0
  
  Who said anything about someone else using the computer? That is pure conjecture on the part of the article and some dumb hypothetical being debated here. For all we know, the health care worker installed bit torrent to get a linux distro or download public domain media content.
2. Re:The real problem here... by agentc0re · 2009-02-28 05:26 · Score: 1
  
  If a doctor kept medical records on paper in a filing cabinet at home, would they let anybody else touch that cabinet?
  Well because of HIPPA laws, technically a doctor cannot take any records home or it is in violation to that patients privacy because then that doctors wife, kids or friends may see them laying on the kitchen table. This posses problems when a doctor is on call at a hospital and needs to send copy patient info down to be recorded later on in their own EMR system.
  
  --
  Sometimes, the answer is to just destroy it all.
3. Re:The real problem here... by Puffy+Director+Pants · 2009-02-28 05:54 · Score: 1
  
  If a doctor kept medical records on paper in a filing cabinet at home, would they let anybody else touch that cabinet?
  Maybe. I know I can barely keep my pets out of places I don't want them to go. I can imagine children and guests could be worse.
4. Re:The real problem here... by e4g4 · 2009-02-28 05:55 · Score: 1
  
  Presuming that it is in fact the doctor's children/SO doing the P2P and not the doctor him or herself (as the sibling poster suggests) it would be adequate to simply set up separate user accounts with permissions set appropriately. Fast user switching makes using separate accounts on a single machine a very minimal burden and even windows can be set up with proper permissions with little to no effort.
  
  --
  The secret to creativity is knowing how to hide your sources. - Albert Einstein
5. Re:The real problem here... by jsiren · 2009-02-28 06:42 · Score: 1
  
  Maybe. I know I can barely keep my pets out of places I don't want them to go. I can imagine children and guests could be worse.
  Perhaps it's not such a bright idea to bring home any patient info at all, then?
  
  --
  Usage: km/h for speed (kilometers per hour); kph for very slow impulses (kilopond hours).
6. Re:The real problem here... by scottv67 · 2009-02-28 17:14 · Score: 1
  
  > HIPPA
  
  HIPAA
RPM installer for nearly the whole VA System. by ivaldes3 · 2009-02-28 03:49 · Score: 1

Here is a Alpha rpm installer for nearly the entire Veterans Affairs hospital system server:
http://sourceforge.net/projects/worldvistarpmin
This is a GOOD thing. The public can know in its entirety how the thing works and check it for privacy and security.
-- IV

--
http://www.LinuxMedNews.com Revolutionizing Medical Education and Practice.
1. Re:RPM installer for nearly the whole VA System. by Anonymous Coward · 2009-02-28 10:22 · Score: 0
  
  Correctness and security are both very important for medical records. Making it open source is a great idea. Doing it in a forty-year-old write-only language which silently ignores huge classes of mistakes (undeclared variables, automatic coercion that shrugs off malformed values, no database schema enforcement or object encapsulation) is shockingly irresponsible.
2. Re:RPM installer for nearly the whole VA System. by ivaldes3 · 2009-02-28 10:39 · Score: 1
  
  Kind of like the Linux kernel C language which is older than mumps and even more write-only? So is it antiquated or proven? Like the Linux kernel, the vast majority do not have to mess with Mumps. It is a great system, uniquely suited for health care that is a rock solid platform. No one else has made the billions in investment and decades of time necessary and likely never will. -- IV
  
  --
  http://www.LinuxMedNews.com Revolutionizing Medical Education and Practice.
Did some work for a pharmacy by transporter_ii · 2009-02-28 03:56 · Score: 2, Interesting

And part of what I needed to do was block myspace, etc., on the LAN. But the head pharmacist had some P2P running on his computer (its good to be the king). I remember thinking at the time how insecure to run P2P on a business machine with a lot of confidential information on it.
I don't think the customer data was stored locally, but that doesn't stop spyware, key loggers, etc., from still being an issue.
Free music or maintaining the integrity of customer data. That's a tough call.
transporter_ii

--
Doctors destroy health, lawyers destroy justice, universities destroy knowledge, religion destroys spirituality
RIAA/MPAA FUD Tactics? by Anonymous Coward · 2009-02-28 04:35 · Score: 1, Interesting

This is the second story this week I've heard villainising P2P beyond basic piracy.
The first, from the Today show I think, was about somebody having their identity stolen because somebody accidentally shared some financial records. The reason a FUD campaign came to mind was the way my wife reacted to the story. Some comment about how dangerous P2P applications were.
Anybody else think these stories could an organized effort to create paranoia in the less technical crowd?
Wrong download. by Ostracus · 2009-02-28 05:03 · Score: 1

I don't either. Something illegal file sharers don't realize is the law of unintentional consequences applies to them. Did anyone involved in the creation of these tools ever realize that a program that's designed to make easier the sharing of the contents of whatever it's pointed to with the entire world was going to have consequences like this? Check mark in the column labeled," But I ain't hurting no one".

--
Shai Schticks:"You don't make peace with friends, you make peace with enemies"
1. Re:Wrong download. by Anonymous Coward · 2009-02-28 08:16 · Score: 0
  
  Sharing is good.
  At least, thats what the parents always say to their children.
  Then again, parents are hypocritical ass wholes.
2. Re:Wrong download. by acohen1 · 2009-03-02 09:13 · Score: 0
  
  That argument doesn't make a goddamn bit of sense. By your logic, we should outlaw books, and all written communication, since it could contain information that could be used in a potentially harmful way, even if that was not the intention of the creator. The USER needs to take responsibility.
Seriously? by wzzzzrd · 2009-02-28 05:25 · Score: 1

A health care worker might have loaded patient files onto a laptop, for example, and taken it home where a son or daughter could have downloaded a peer-to-peer client onto the laptop to share music.

Or the son or daughter could have emailed the patient files. Or printed them out. Or uploaded them to googledocs. Come on, what has this to do with p2p? And how about not giving your child access to your patient files? Hm?

--
On second thought, let's not go to Camelot. It is a silly place.
Its an idiot user problem by PPH · 2009-02-28 05:46 · Score: 3, Interesting

I have a friend who runs an insurance investigation business. A lot of his data includes claimants' medical, criminal, income, and other assorted records. He has several investigators working in his office, each with a PC (fortunately, no laptops) and all behind a secure(?) firewall. From time to time, I've helped him configure or repair his network and/or desktop systems. In doing so, I've noted that every system has their C: drive shared out on the LAN with read/write privileges granted to everyone else in the office. In spite of the problems with security or system corruption (why anyone would need to share out all their system .DLLs with write permission is beyond me), he insists that everyone in the office 'needs' complete access to everyone else's files. A disaster waiting to happen, IMO.
People just don't understand, or give a sh*t about the consequences of lax data security. P2P networks, or the mis-configuration of file sharing s/w is just one symptom of this.

--
Have gnu, will travel.
Confidential files on p2p networks, nothing new! by HansWurst · 2009-02-28 06:45 · Score: 1

Just search for .doc and .xls on your favourite network. Most of the results certainly aren't supposed to be public. Search for a file normaly found in the root directory (in win98 days it was AUTOEXEC.BAT), and you've got thousands of "friends" sharing their complete hd.
privacy laws by Anonymous Coward · 2009-02-28 06:50 · Score: 0

With public sharing of formerly-private data, companies can discriminate against unhealthy persons whenever they desire.
Only if you have shitty privacy laws. Those jurisdictions that help to protect their citizens (e.g., EU, Canada's PIPEDA law) have much less to worry about. Doctor-patient privilege and all that.
Of course if the US health system focused more on health that on profit, things would be different regarding the motivation of all of these records.
Re:billions of dollars... by filthpickle · 2009-02-28 07:08 · Score: 1

http://www.ansi.org/

They already standardized the electronic file for just about everything else involving the medical industry. And did a good job of it, IMO.
Still blame the User by evilkasper · 2009-02-28 07:28 · Score: 1

A P2P program should not be installed on any system that has sensitive information. By doing so you are not just opening up the possibility of accidentally sharing those files, but you also open yourself up to a slew of viruses which could further compromise the system. Any system that has this kind of information should be FOUO (for official use only).
Mods? by Anonymous Coward · 2009-02-28 08:03 · Score: 0

Who mods this garbage up?
how about no medical records? by CranberryKing · 2009-02-28 08:03 · Score: 1

Or how about doctor asks patient, "how are you feeling? Have you experienced anything like this before?" Patient says, "Yes. Here I have a [paper] record of my previous doctor visits. Does that help?". Doctor says, "it could". Patient says, "Okay, but those are my property [responsibility] and I want them back when I leave". Doctor says, "Sure. Your the boss.".... Whoahh.. What was I thinking?!
1. Re:how about no medical records? by Anonymous Coward · 2009-02-28 14:47 · Score: 0
  
  I'll tell you what you're thinking. You're thinking the way the people who founded this country thought: Everyone minds their own business, everyone is responsible for themselves. The government exists to unite the states, to take care of disputes between the states, to make sure the union is safe from foreign enemies, etc. Unfortunately it seems half the population wants the government to wipe their ass when they're done taking a shit.
Another good reason ... by HW_Hack · 2009-02-28 08:17 · Score: 1

to keep cutting and off shoring IT services and departments.
You've gotta have geeks on-site

--
Its not the years, its the mileage .....
What we really want to know... by Anonymous Coward · 2009-02-28 09:54 · Score: 0

... did the files get transferred faster through P2P than with other transfer tools? How many clients were serving each file?
GATTICA is fiction by CrankinOut · 2009-02-28 11:11 · Score: 3, Interesting

and this concern about access to medical records is paranoia.
Federal law (Health Insurance Portability and Accountability Act - or HIPAA) levels serious legal liability on "any doctor who asks" (or any other person in a health-care organization who looks at a medical record outside of their job responsibilities. By definition, this, then is not "public sharing of information." XYZ company is not entitled to look at your health information.
Do errors occur? Hell, yes, they do. Laptops get stolen, people screw up. But to deny the benefits of having access to critical information in emergency situations, or to avoid repeating a test done last week, or to avoid a person getting a medication that doesn't work because another doctor recently changed another of the meds, or to get a drug that can be fatal to a person because the information wasn't available, is to say that you'd rather life be a crap-shoot.
The way for this technology to get better is for people to work on the solutions to the issues of security and privacy, not to keep medicine in the stone-age of information utility.
For an interesting read about why this is so important, read the Medicare Annual Report. Everyone's payroll taxes have to go up 3.5 percent to cover the estimated shortfall of Medicare for the next 75 years (I expect to retire sometime in that timeframe). With life expectancy increasing, and the baby boom generation in retirement for the next 40-50 years, OASDI and MMS look take a bigger bite out of everyone's paycheck.
One solution to this projected problem is to reduce the cost of healthcare by reducing errors, repeating unnecessary tests because of lack of access to a record, having technology that alerts clinical staff (doctors aren't going to be the only people providing medical care) to potential interactions, matching medications/treatments to genetic likelihood of therapeutic benefit, and enabling greater home health care. All of these opportunities require increasing use of information technology.
Good luck with that heart condition.
Nothing can go wrong by westlake · 2009-02-28 11:14 · Score: 1

I see nothing that doctors do that needs to be stored in the client side
This assumes that the doctor has access to the server.
That the link will hold whenever critical decisions have to be made about his patients.
Well, only a fucking idiot by Anonymous Coward · 2009-02-28 13:27 · Score: 0

would let their kid use their work laptop.
Re:billions of dollars... by Anonymous Coward · 2009-02-28 14:12 · Score: 0

http://www.ansi.org/
They already standardized the electronic file for just about everything else involving the medical industry. And did a good job of it, IMO.
You forgot to mention that it did not cost billions of dollars. Only the Government possesses the special skill of spending a trillion dollars on something that's worth about 50 cents.
Re:billions of dollars... by anactualfemale · 2009-02-28 16:32 · Score: 1

If it will help effeciency [sic] and reduce cost then private institutions will adopt it voluntarily.
That makes sense. However, what it makes sense to do is not always what gets done.
In the eyes of some medical institutions, they see a cost in changing the records, but no change in what they can feasibly charge per patient nor any promise of an increase in their number of patients. They see a definite cost and only a nebulous possibility of future gain.
But let's say you're right and even without government intervention, within the next two years most US medical institutions digitize their records. Let's give a high figure and say 95% of them do this.
That remaining 5% will still cause problems when patients realize that health care is better and cheaper with other providers, or just leave for other reasons, and have to deal with beaurocracy in order to transfer records that they might need immediately. The possibility that something in their previous medical records might affect their treatment from their new physicians might escape them entirely. The record either might not get there in time or they might not see any reason to request its transfer at all. The original record might be lost by fire or natural disaster or any number of things. Creating electronic records (SECURELY) makes sense, but businesses don't want to make sense. They want to make money.
Also, with the economic shitstorm, why not create some immediate clerical jobs? Not everyone can help build roads and lay cable.