Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook Was in Talks With Top Hospitals Until Last Month To Share Data of Most Vulnerable Patients (cnbc.com)

Posted by msmash on from the things-Facebook-does dept.

Facebook was in talks with top hospitals and other medical groups as recently as last month about a proposal to share data about the social networks of their most vulnerable patients, CNBC reported on Thursday. From the story: Facebook was intending to match it up with user data it had collected, and help the hospitals figure out which patients might need special care or treatment. The proposal never went past the planning phases and has been put on pause after the Cambridge Analytica data leak scandal raised public concerns over how Facebook and others collect and use detailed information about Facebook users. "This work has not progressed past the planning phase, and we have not received, shared, or analyzed anyone's data," a Facebook spokesperson told CNBC. But as recently as last month, the company was talking to several health organizations, including Stanford Medical School and American College of Cardiology, about signing the data-sharing agreement.

73 of 108 comments (clear)

  1. Hashing and anonymity by b0s0z0ku · · Score: 5, Interesting

    If it can be matched up with real-world profiles, it's no longer anonymous. If the hashing DOESN'T work correctly, the wrong people could be labeled with health conditions, and God forbid this data is re-sold to insurance corepirations.

    This seems like a HIPAA nightmare, and if this goes forward, this needs to be slapped with a restraining order by HHS. This is a borderline criminal idea and should be treated as such.

    1. Re: Hashing and anonymity by Anonymous Coward · · Score: 2, Insightful

      HIPAA like most laws is around to be wield like whip towards the peons. Monied interests like Feciesbook have little to worry about.

    2. Re: Hashing and anonymity by b0s0z0ku · · Score: 3, Interesting

      Depends who's in charge. I dislike Trump's authoritarianism, but think his hatred for the tech industry is useful. If he can destroy or slow down the growth of the ad-supported, privacy-sucking tech firms like Facebook, Google, Microsoft, Apple, Amazon, etc, then that will be one of the few good things his administration has done.

    3. Re:Hashing and anonymity by schklerg · · Score: 2

      Indeed, HIPAA will do nothing to protect your privacy in these situations. If a hospital decides it wants to share everything about you with North Korea, it's all cool as long as they sign the right contract and can self justify it. If an insurance company wants to get all of your data from the local casino, even easier. In theory, I guess this should make people think before they throw your personal data around, but all it really does is create a paper trail.

      --
      Be Excellent To Each Other
    4. Re:Hashing and anonymity by DogDude · · Score: 1

      needs to be slapped with a restraining order by HHS

      Yeah, that's not going to happen.

      --
      I don't respond to AC's.
    5. Re:Hashing and anonymity by b0s0z0ku · · Score: 1

      Trump and GOP'ers are generally politicized against "new tech" like Facebook, so it may very well happen.

    6. Re:Hashing and anonymity by mysidia · · Score: 4, Informative

      Indeed, HIPAA will do nothing to protect your privacy in these situations.

      HIPAA prevents your Medical Provider, Insurance company, or other covered entity from RELEASING or DISTRIBUTING your medical records/Protected Health Information. It does NOTHING to restrain them from GATHERING or IMPORTING records/data about you from other sources such as Facebook.

      Facebook is not a covered entity under HIPAA, because they aren't any kind of medical provider ---- so they aren't regulated in any way by HIPAA; therefore if you post something related to your own health there on your own Facebook page: they can share it however they want according to the Terms of Use that users agree to when using Facebook's website. There's nothing that would prevent Facebook from distributing your information to a
        Hospital.

    7. Re: Hashing and anonymity by PopeRatzo · · Score: 4, Insightful

      I dislike Trump's authoritarianism, but think his hatred for the tech industry is useful. If he can destroy or slow down the growth of the ad-supported, privacy-sucking tech firms like Facebook, Google, Microsoft, Apple, Amazon, etc, then that will be one of the few good things his administration has done.

      Does he want to "destroy or slow down the growth" of these companies, or bend them to his will?

      He didn't seem to have any "hatred for the tech industry" when it comes to what Robert & Rebekah Mercer are doing with Cambridge Analytica.

      --
      You are welcome on my lawn.
    8. Re:Hashing and anonymity by SemperUbi · · Score: 1

      Yes, this would violate HIPAA law. Even if in some alternate universe it didn't, it'd still be a terrible, intrusive, cringeworthy idea. Who comes up with ideas this awful? Social media people need to get out more.

    9. Re:Hashing and anonymity by b0s0z0ku · · Score: 4, Informative

      Except the article summary implies that the anonymized medical records would be released to Facebook, which would then attempt to match them with profile information. If they can be matched, they're not anonymized enough -- thus, HIPAA violation.

    10. Re: Hashing and anonymity by b0s0z0ku · · Score: 1

      If the "bending to his will" and his general instability causes a massive adtech-led market crash, he'll have been somewhat useful.

    11. Re:Hashing and anonymity by shubus · · Score: 1

      I couldn't agree more. It is a totally outrageous invasion of privacy. And you just know that the hashing would be cracked.

    12. Re: Hashing and anonymity by CanHasDIY · · Score: 2

      The definition of a useful idiot, in fact!

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    13. Re: Hashing and anonymity by b0s0z0ku · · Score: 2

      Frankly, Obama was less authoritarian, or at least in the right places.

      He made an attempt to fix the corporate-infested parasitic US health insurance system. He hired Holder as AG, who (at least temporarily) rolled back civil forfeiture, also known as legalized theft by police. He pushed for sentencing reform and wasn't always on the side of law enforcement or the military. He chose to allow states to have their own marijuana policy.

      Obama was a welcome change from the Bush era, though he didn't go far enough in rectifying the wrongs of the past 30 years (wars on drugs/terror/crime) stemming from constant moral panics.

    14. Re:Hashing and anonymity by Anonymous Coward · · Score: 1

      It does NOTHING to restrain them from GATHERING or IMPORTING records/data about you from other sources such as Facebook.

      So, here's the problem with that ... information theory tells us that as soon as a medical provider downloads that information, it will leak information about you.

      That you are a patient of that facility is now known to Facebook. If that clinic is a specialist they can infer the nature of your condition. Which means Facebook can now start selling you ads for pharmacies, or possibly for drugs related to your actual illness -- you know, cancer and birth control in the case of those specialties.

      At no point should health care be partnering with a fucking ad company, because it is the exact opposite of maintaining patient privacy.

      The moment such a place says "hey, Faceboook, tell us about this person", information they should never be disclosing has now been made available, and additional information can be inferred. Because they've said "this person is a patient, please tell us more about them". It's a two way exchange. Even if you don't use Facebook, the act of them asking for information gives Facebook information about you.

      And, don't forget that once medical staff can ping Facebook for information on you, it will be abused by people who are looking up people they have no legitimate reason to.

      Fuck that, I don't want to live in a fucking world where goddamned fucking Facebook is asked information about me by healthcare, because the mere act of asking is also revealing. Facebook need to be restricted, not given access to more data.

      God I fucking hate Facebook. This company needs to be ground into the dust.

    15. Re: Hashing and anonymity by deKernel · · Score: 1

      And how in the heck can you make the statement that he attempted to fix the health insurance when he actually handed MORE power to the insurance companies?

    16. Re: Hashing and anonymity by Anonymous Coward · · Score: 1

      You people are a hoot.

      Right-wingers: "Obama's gonna take our guuuuuuns."
      Reality: Obama was very lax about firearm ownership

      Trump: "Take the guns first, go through due process second."
      Right-wingers: dead silence.

    17. Re: Hashing and anonymity by DogDude · · Score: 2

      That was a shitty compromise that had to be made. The fact is that millions of people have health care now that didn't before the ACA. Do I have to say that that's a good thing?

      --
      I don't respond to AC's.
    18. Re: Hashing and anonymity by b0s0z0ku · · Score: 2

      ACA got rid of the worst pricing excesses. The fine was a token penalty.

      Limiting insurance rates to being based on age, location (county), and smoking status with no more than a 3:1 spread between top and bottom tiers of a given policy was a good thing. So was guaranteed issue.

      They could no longer say, "you have epilepsy, you can buy our individual insurance policy at $3000 per month."

    19. Re: Hashing and anonymity by b0s0z0ku · · Score: 1

      But Dems bad, GOP good. Riiight.

    20. Re: Hashing and anonymity by b0s0z0ku · · Score: 2

      The mandate was essentially toothless.

      The salient points were guaranteed issue and limitation of pricing disparity for a specific policies to a 3:1 ratio of highest to lowest price.

      Oh, and subsidies.

      Even without subsidies, I can still get a low-deductible policy for about $600/mo where my deductible is $600/yr, regardless of health status. As a self-employed person, that's a good thing. Then again, my state actually cares about keeping the ACA intact.

      For $500/mo, I can raise the deductible to $2000/yr, which is still pretty good. But I'm risk-averse, so I'd rather have the low deductible.

    21. Re: Hashing and anonymity by Archangel+Michael · · Score: 1

      Trump is no more no less "authoritarian" than Obama, GWB, Clinton,GHWB ...

      Cognitive Dissonance

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    22. Re: Hashing and anonymity by Humbubba · · Score: 2
      An A.C. said

      HIPAA like most laws is around to be wield like whip towards the peons. Monied interests like Feciesbook have little to worry about.

      You are so right, it's scary.

      In my city, the cops have a one way data flow from the hospital's computers. The idea that it is of some benefit, some 'special care or treatment' for the patient is absurd. And it's more than just data mining to match patients with crimes. It involves identity processing and crime prevention via predictive analytics, doing things like estimating emergent crime trends and matching them with pools of potential suspects. Hospital records aren't the only thing they vacuum up, it's far more intrusive and invasive. They got all of city hall's stuff for starters.

      Knew the guy who developed this crime prediction software. Really impressive. He said the cops could use it to do things like run potential perpetrators out of town. But it's the other things they can do with such a tool that worry me.

      What can be done to society and the individual with big data is Kafkaesque.

    23. Re: Hashing and anonymity by Hognoxious · · Score: 1

      "attempted". Too long for you?

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    24. Re: Hashing and anonymity by Hognoxious · · Score: 1

      What case? A bit over half of people don't like him.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    25. Re: Hashing and anonymity by b0s0z0ku · · Score: 1

      Under HIPAA, this generally requires a warrant or specific exigent circumstances. "Open line to data" is illegal.

      If you're aware of this situation, I strongly encourage you to leak it to the press and also file a report with HHS. Anonymously if needed. Whistleblowers are heroes.

    26. Re: Hashing and anonymity by Archangel+Michael · · Score: 1

      My guy didn't win the election. I'm not the retard that voted for either criminal ;)

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    27. Re: Hashing and anonymity by Archangel+Michael · · Score: 1

      The case that people like their dictator, but not the other guys. I didn't vote for either major party candidates.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    28. Re: Hashing and anonymity by ColdWetDog · · Score: 1

      Yes, either Humbubba is total BS or that hospital and PD are in big trouble. There is a pass through for law enforcement, but only to prevent a crime from occurring or to help with patient care in specific instances. No way can you have a 'one way data flow'.

      --
      Faster! Faster! Faster would be better!
    29. Re: Hashing and anonymity by Humbubba · · Score: 2
      b0s0z0ku says

      Under HIPAA, this generally requires a warrant or specific exigent circumstances. "Open line to data" is illegal.

      I am outraged at this as much as I am awestruck by these practices. If I'm reading this wrong, and this line to hospital records is illegal, someone please let me know. I am pro-privacy, in spite of the times we live in. None the less, this is how I read the law:

      Under HIPAA, medical information can be disclosed without an individual's permission to "any government official at any level of government authorized to either investigate or prosecute a violation of the law." This applies to doctors, health plans, pharmacies, health care clearinghouses, medical research labs, hospitals and other health facilities. HIPAA requires no court involvement, as long as there is a written statement of relevancy. But HIPAA does not preempt state law when it comes to privacy. For example, California requires court approval, but that can be had with a search warrant, showing of probable cause, a showing of cause, or even just an administrative subpoena. [1]

      No court authorization is required in my state. When coming under the care of my city's hospital, you sign a notice of privacy practices that includes law enforcement access to medical records.

      [1] https://www.eff.org/issues/law-enforcement-access

    30. Re:Hashing and anonymity by ColdWetDog · · Score: 1

      Except that Facebook would quickly become a covered entity if they did this. They would be awfully close to a 'Health Care Clearinghouse'

      [quote]Clearinghouses include organizations that process nonstandard health information to conform to standards for data content or format, or vice versa, on behalf of other organizations.[/quote].

      Even if they got a pass on that, they would certainly be a 'business associate' which are generally bound by HIPAA rules.

      --
      Faster! Faster! Faster would be better!
    31. Re: Hashing and anonymity by b0s0z0ku · · Score: 1

      Also, such a situation may (likely) be a Federal crime. Failing to report it to the Federal D.A.'s office or HHS may in itself be a Federal offense, especially if one is employed by any of those organizations. If I were in that situation, I might be speaking to a lawyer...

    32. Re: Hashing and anonymity by b0s0z0ku · · Score: 1

      See also:
      "HIPAA permits the police to use an administrative subpoena or other written request with no court involvement, as long as police include a written statement that the information they want is relevant, material, and limited in scope, and that de-identified information is insufficient."
      Giving police a "direct line" to hospital systems sounds like it's NOT limited in scope, and does NOT require a written statement of relevancy. Correct me if I'm wrong. If the police and/or their software are literally being given access to confidential hospital systems without a written request, whoever is involved is likely committing a Federal felony. I'd be talking to an attorney at the very least.

    33. Re: Hashing and anonymity by Humbubba · · Score: 1
      I'm looking at documents right now that specifically say state law requires disclosure of confidential medical information or records to certain people upon demand. Law enforcement is included in the term 'certain people'.

      There is a lot more. Considering this and my limited abilities, perhaps an attorney is the way to go.

    34. Re: Hashing and anonymity by b0s0z0ku · · Score: 1

      "Upon demand" means a properly formatted, WRITTEN demand stating valid reasons why the information is needed, and the specific, narrow range of information required.

      i.e. "We require any blood alcohol test results you may have on John Q. Doe, male, DOB 3/4/1956, due to him being involved in a fatal motor vehicle accident with suspected DWI."

      Also, HIPAA applies nationally -- state law can't be LESS restrictive than its requirements. In any case, responding to specific requests is legal. Giving cops authorization to access private health information without a specific request (i.e. a direct line to a database) is very, very illegal.

      Speak to an attorney. There's also the option of anonymously leaking to the press, assuming you have evidence and enough people know about the program for the leak not to point to you. Good luck! Do the right thing.

    35. Re: Hashing and anonymity by Reverend+Green · · Score: 1

      Bullshit. I've read the HIPPA disclosures from a major couple major hospital systems. They explicitly state that they WILL share your "private" data with the pigglies, Uncle Sam, insurance companies, and pretty much any other evil institution that asks.

      The only group who are prevented by HIPPA from accessing your medical data are... medical researchers. You know, the one group that most people *want* their data shared with.

      HIPPA is a crock of shit. It does very very very little of benefit to patients. But it created a ton of cushy bureaucrat and lawyer jobs for members of the nomenklatura class.

    36. Re:Hashing and anonymity by Waccoon · · Score: 1

      ...therefore if you post something related to your own health there on your own Facebook page

      The most pressing concern is that Facebook is getting info on people that DON'T post things on Facebook on their own. With Facebook talking to hospitals directly, isn't there a bit of a concern as to HOW they collect data on people without their knowledge, let alone consent?

    37. Re: Hashing and anonymity by Cinnamon+Beige · · Score: 1

      'Upon demand' is going to be generally require that properly-formatted, WRITTEN demand be in the form of a warrant--if this isn't technically required by the local laws, the people who are legally responsible for keeping those records private will insist on one for their own protection. As long as they can say they were legally compelled to release the records, they're in the clear.

    38. Re:Hashing and anonymity by mysidia · · Score: 1

      Except that Facebook would quickly become a covered entity if they did this. They would be awfully close to a 'Health Care Clearinghouse'

      They would not be a clearinghouse. Clearinghouses perform processing of information on behalf of other organizations. This means that they receive health data from a covered entity such as a healthcare provider, process the information On behalf of the other entities, and return it.

      Even if they got a pass on that, they would certainly be a 'business associate' which are generally bound by HIPAA rules.

      First of all... Facebook would probably have the research project's legal organization created under a 3rd party organization separate from Facebook that has a data sharing agreement with FB and other agreements with Hospitals; which would explain potential reasons for "hashing", "anonymization", and "matching", so FB isn't directly sharing information with hospitals.

      Second: You are not a business associate unless your organization signs a BAA, and i'm pretty sure there's no way Facebook would sign a BAA on their users.

      You're only required to sign a BAA contract if your entity processes or receives information on behalf of the other entity in a manner that involves you receiving or having access to receive protected health information from that entity.

      If you're a data broker or you're in possession of unprotected information, such as personal health data or other personal info a user allowed you to collect under a ToS or different rules ---- you don't need a BAA to provide a service where there's a one-way data flow, and you provide a covered entity access to the unprotected information in your possession but don't gain access to any PHI.

      In that case you are not working on behalf of or gaining access to the PHI which is under the care and protection of the covered entity.

      https://www.hhs.gov/hipaa/for-...

            A “business associate” is a person or entity, other than a member of the workforce of a covered entity, who performs functions or activities on behalf of, or provides certain services to, a covered entity that involve access by the business associate to protected health information.

      The HIPAA Rules generally require that covered entities and business associates enter into contracts with their business associates to ensure that the business associates will appropriately safeguard protected health information.

        The business associate contract also serves to clarify and limit, as appropriate, the permissible uses and disclosures of protected health information by the business associate, based on the relationship between the parties and the activities or services being performed by the business associate. A business associate may use or disclose protected health information only as permitted or required by its business associate contract or as required by law.

    39. Re:Hashing and anonymity by mysidia · · Score: 1

      Plus it doesn't matter what the company does.. The second PHI is passed to it, they fall under the HIPAA umbrella.

      The information is not PHI if it came from a source that is not a covered entity.

      HIPAA does not magically apply to any organization which has something that looks like Health Info; there are specific organizations it applies to, and Facebook isn't any of those.

    40. Re: Hashing and anonymity by b0s0z0ku · · Score: 1

      That's what I pay, other states may differ. Especially if they're run by yokels who want to go back to the (terrible for the self-employed and/or people with pre-existing issues) pre-2014 insurance system.

    41. Re:Hashing and anonymity by mysidia · · Score: 1

      With Facebook talking to hospitals directly, isn't there a bit of a concern as to HOW they collect data on people without their knowledge, let alone consent?

      If the project had gotten off the ground; it's possible the project could have collected data from both Facebook and the Hospitals, but
      Facebook itself wouldn't have been able to collect health data on people from the hospitals or the combined dossier to use for their own purposes, because of compliance issues.

      Of course the project never actually got off the ground, and accuracy or privacy concerns could've been some of the things that had prevented the idea moving forward.

  2. Facebook versus HIPAA by 93+Escort+Wagon · · Score: 3, Interesting

    Jenny Johnson is currently in Virginia Mason hospital, room 1231! If you know Jenny, click "Like" to send her your best wishes.

    --
    #DeleteChrome
    1. Re:Facebook versus HIPAA by mrbester · · Score: 5, Funny

      I'll text her instead. The number is still 867-5309, right?

      --
      "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
    2. Re:Facebook versus HIPAA by PolygamousRanchKid+ · · Score: 2

      ! If you know Jenny, click "Like" to send her your best wishes.

      If she gets enough "Likes" . . . she will receive proper treatment . . . otherwise, the nurses have plastic bags that fit over heads . . .

      --
      Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
  3. On the Bright Side by techsoldaten · · Score: 3, Interesting

    On the bright side, such an agreement could work towards furthering our understanding of the root causes of a variety of medical and psychological problems.

    Facebook is nothing but an ad-funded spy network. It gathers information about billions of people. If there is any good to come from that colossal invasion of privacy, it would be preventative care.

    1. Re:On the Bright Side by b0s0z0ku · · Score: 2

      Any such study can be undertaken with customer permission.

      Medical studies on unwilling subjects conducted by various authoritarian governments also helped us understand things like radiation poisoning, starvation, and hypothermia. The ends don't justify the means.

    2. Re:On the Bright Side by lkcl · · Score: 1

      On the bright side, such an agreement could work towards furthering our understanding of the root causes of a variety of medical and psychological problems.

      slashdot story, 2019: ".... the study concluded that the root cause of the psychological and medical problems so endemic in society was: Facebook. in the opinion of the professionals consulted (those professionals willing to work ethically with the handful of *voluntarily* submitted and properly anonymised sources of data for the purposes of the study) they noted in particular that it was severely cognitively dissonant for people to know that their privacy was being regularly and routinely violated, yet they persisted in their continued use of Social Media, slack, github and other centralised privacy-violating services with insidious entrapment built-in at the core of their Terms of Service".

    3. Re:On the Bright Side by CanHasDIY · · Score: 1

      Facebook is nothing but an ad-funded spy network. It gathers information about billions of people. If there is any good to come from that colossal invasion of privacy, it would be preventative care.

      Um... doesn't the first sentence preclude the possibility of the last?

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    4. Re:On the Bright Side by ColdWetDog · · Score: 1

      Garbage in, garbage out.

      All of life's ills will be reduced to issues surrounding cat videos.

      --
      Faster! Faster! Faster would be better!
    5. Re:On the Bright Side by AHuxley · · Score: 1

      Governments do that all the time for free as part of their health care system.
      An ad company just saw a way to dell data back to anyone who would pay.
      Medical care was not the result.
      Profit is the only factor.

      --
      Domestic spying is now "Benign Information Gathering"
    6. Re:On the Bright Side by techsoldaten · · Score: 1

      Like I said, understanding the root cause of psychological problems is something we can achieve through data sharing.

  4. Computers made me a luddite. by Seven+Spirals · · Score: 1

    I stay with my same old doctor because he refuses to put patient records down on anything but paper. Doesn't take insurance. Voting and health care need to go back-to-the-future and use paper! They should damn sure not be networked. That's how the Iranians hid their nuclear reactor for two years before Israel blew it up. They used paper. When they stopped and a scientist traveled through Europe with a laptop, they snagged it and found out. Networked computers are one of the least secure places to put any information.

    1. Re:Computers made me a luddite. by b0s0z0ku · · Score: 1

      Then again, electronic medical records systems IF PROPERLY IMPLEMENTED can reduce error and make sure records are legible. BTW, the computers don't have to be networked to the outside world. Perfectly feasible to run everything on an airgapped Ethernet network with encrypted daily backup to a set of rotating SSD cartridges. Hardware is cheap in 2018, cloud or client/server isn't the only viable solution.

    2. Re:Computers made me a luddite. by kbonin · · Score: 3, Interesting

      Enjoy having a doctor that tries to protect your privacy while you can.
      from New Hampshire: A doctor who won't use a computer loses her license to practice medicine

    3. Re:Computers made me a luddite. by b0s0z0ku · · Score: 4, Interesting

      Her actual issue was poor record-keeping -- excessive opioid prescriptions also played into it. BTW, local electronic medical record solutions that can be totally isolated from the "cloud"/Internet do exist, and are used.

    4. Re:Computers made me a luddite. by sexconker · · Score: 1

      Then again, electronic medical records systems IF PROPERLY IMPLEMENTED can reduce error and make sure records are legible. BTW, the computers don't have to be networked to the outside world. Perfectly feasible to run everything on an airgapped Ethernet network with encrypted daily backup to a set of rotating SSD cartridges. Hardware is cheap in 2018, cloud or client/server isn't the only viable solution.

      We already know there are many ways to breach air gaps. Merely getting the required update for whatever database/billing/etc. software you run will involve you breaching the air gap. And of course, modern Intel CPUs come with built in, ON CPU WiFi / cell connections (yes, the antennas are good enough, no, you don't have control over it).

      And no, hardware is NOT cheap in 2018. And it won't be cheap in 2118. Cheap is relative. Remember - you're comparing to paper.

    5. Re:Computers made me a luddite. by b0s0z0ku · · Score: 1

      Let me repeat... hardware is cheap in 2018. A decent Intel NUC system with SSD can be had for under $500 and will last 5-7 years at least. Use them as part of a modular system with some acting as workstations, others as servers and backup devices. You can even buy them Ethernet-only, no built-in WiFi.

      Sure, an airgap can be breached with some work. It's also a hell of a lot less likely than an Internet-connected or cloud-connected system being breached. Technically, paper records can also be breached or destroyed -- burglaries of medical offices happen.

      The goal is more security, no security is absolute.

    6. Re:Computers made me a luddite. by rogoshen1 · · Score: 1

      Paper is actually kind of expensive.

      Storage, secure disposal, filing.

      Don't forget filing. In a given year how many man hours are spent looking through a filing cabinet for so and so's file? God forbid if gets misplaced.

    7. Re:Computers made me a luddite. by sexconker · · Score: 1

      Let me repeat... hardware is cheap in 2018.

      No, it isn't.

      A decent Intel NUC system with SSD can be had for under $500 and will last 5-7 years at least.

      An NUC is a laptop in a box. They don't last 5-7 years. They're good for about 3 years.

      Use them as part of a modular system with some acting as workstations, others as servers and backup devices.

      You're a nut. Who's going to design such a system and maintain all the machines? How many NUCs do you need? Don't forget the monitor, keyboard, mouse, operating system, etc. for each one.

      You can even buy them Ethernet-only, no built-in WiFi.

      Not when the WiFi is built into the CPU. https://arstechnica.com/inform...
      That shit has been standard in most Intel CPUs over the last few years. It's exposed/hidden based on SKU, like the ME shit.

      Sure, an airgap can be breached with some work. It's also a hell of a lot less likely than an Internet-connected or cloud-connected system being breached. Technically, paper records can also be breached or destroyed -- burglaries of medical offices happen.

      Airgaps don't exist when you need to access a central repository of records, when you put regular people in front of the terminal, when you need to update software, when you need to print, etc. At best you have a firewall.

      The goal is more security, no security is absolute.

      And in today's world, paper records and physical locks provide more security. Just by the weight involved in trying to steal them in bulk, or the time involved in trying to copy them in bulk.

    8. Re:Computers made me a luddite. by b0s0z0ku · · Score: 1

      (1) NUC has one moving part: the fan. If they're securely mounted to a wall or desk, there's little change of drop damage. They can easily last 5-7 years.
      (2) Who will design it and maintain it? Same people as design as maintain local (non-cloud) EMR systems now.
      (3) Doubt it about the wifi -- some NUCs still use a separate WiFi card. Besides, they'd need an open WiFi net to connect to.
      (4) You print on non-network USB printers or network printers that don't need Clown Print to work, same as people did for the past 30 years. LAN printing was a thing before the Internet was common.

  5. not surprised by Anonymous Coward · · Score: 1

    I have a magazine subscription that is dedicated to getting around HIPAA :(

    Scary just how much you CAN do and still stay legal....

    FB probably found out the Hospital networks already outdid them on data collection and there was nothing legal left to find !

  6. Re:Well, Trump will die in prison anyway by Train0987 · · Score: 2

    He's one of those Russian spy trolls sent here to make Democrats look even dumber, ensuring Trump is reelected in 2020.

  7. Re:Well, Trump will die in prison anyway by Archangel+Michael · · Score: 1

    Don't feed the trolls.

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  8. Remember by sexconker · · Score: 1

    Q told us "MZ" (Zuck the Cuck) would be stepping down from his position (willingly or not).

    When Q is proven to be correct yet again, what will you blue pillers do?

  9. Could be useful by nospam007 · · Score: 1

    So the hospital could see from his FB-posts, that he not just has a broken leg but suffers from WhiteSupremitis and AntiSemitis and needs a few antiracism drips.

  10. Borderline HIPPA violation by pdms · · Score: 1

    If this data could be construde as medical data and is being shared without patient content this could be a big problem

  11. Not a Data Leak, Normal Business by Anonymous Coward · · Score: 1

    From what I've read so far the whole Cambridge Anayltica thing wasn't a "data leak". It was business as usual except someone decided they didn't like how the data got used. That is becoming more apparently true as more stories like this one come out.

  12. after a decade by prefec2 · · Score: 1

    Facebooks business model is selling your data and access to the data via an search API. That is what you use to identify target groups and special people, like influencer, to coerce them into using certain services and buy products. While this is disgusting, it is not new. They did that before Cambridge Analytics and they do it now. And they are not the only ones doing so. All these platforms must be regulated heavily.

  13. Mr Zuckerberg by hcs_$reboot · · Score: 1

    Allez, au revoir!

    --
    Slashdot, fix the reply notifications... You won't get away with it...
  14. Re: Well, Trump will die in prison anyway by Reverend+Green · · Score: 1

    Maybe Shareblue should stop posting recruitment ads on Grindr....

  15. Consumer protections were nice while we had them by kimvette · · Score: 1

    If we had an administration which was working for The People rather tha Big Corp and Oligarchs, these companies would be fined big money for each and every individual HIPAA violation, and the fines would be measured at minimum in tens of billions USD.

    --
    The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
  16. Wake up, people! by martinfb · · Score: 1

    It's as simple as this:

    - Do NOT click any links in any emails.
    - Do NOT send money to any Nigerian prince needing help.
    - And definitely do NOT put ANYTHING up on the web that you are NOT willing to have shared with any other party.

    In case you haven't figured it out by now, trust very few people, and absolutely trust NO corporation or politician.

    --


    Self-importance and self-indulgence is the root of ALL evil.