EHRs might have 'reasonable' security in place, but, as we know, security isn't a thing, it's a process. And all too often, to get the damn EHR to work with the lab system, the radiology system, the billing system and bog-knows-what-else, the 'security' bits get compromised.
And then there are the users. I just LOVE typing in my user name and password one hundred times during the day. Yes, we could go single sign on. For another 100K and a bunch of other IT problems. No, we don't have that 100K. So no single sign on.
The only saving grace is that, as has been pointed out, there is little to be gained by brute forcing large numbers of medical records. Unless you live in Hollywood or DC or some place where your ratio of high value targets to plebs gets sort of reasonable, it's not going to be very lucrative. Nobody cares about your herpes.
And the minute his malpractice carrier sees that, he will never be insured again.
You both may be big boys, but you're not lawyers. And lawyers trump big boys in this system.
I work at a healthcare related IT company and it's often hard enough to connect a bunch of systems together, making security not a top priority.
Most of the time it goes like this: "Let's just make sure it works and we can do security stuff like enabling SSL and protecting web services with WS-Security later". And obviously, that "later" never actually happens.
This. Right now with the big mandated roll out, vendors are scrambling to meet Meaningful Use (also known as Meaningless Abuse) criteria. This entertaining government mandate, like most government mandates, is an overly complex, ever changing, voluminous coding horror.
The major security focus seems to be 'nothing works, nobody can get anything out of the system' - it's secure by definition.
answered in a suitably apocalyptic fashion
Cool. So the rumors that Kanye West and Kim Kardashian are moving to Pyongyang are true?
That's what meth labs are for.
Bonus points: They go BOOM when you shoot at them.
Or unless sending terabytes of data out is routine. Sony Pictures makes movies. Movies are digital. Digital video loves disk space.
So sending dozens of gigabytes a day to any random address may well be business as usual.
That was certainly a part of it. The funny thing is that the insurers are the ones having the hardest time getting their electronic acts together. They invariably use gargantuan legacy systems, coded originally on punch cards and even changing the number of fields in a form requires thousands of programmer-years.
The other big push was by a weird combination of politicians latching on to anything that could possibly save money (ohhh! Shiny!) and big system / big vendors realizing that they were sitting pretty to gobble up lots of smaller systems that simply didn't have the capital to compete. EHRs are very, very expensive and time consuming. Once integrated into large systems, they do improve workflows and likely pay back the investment. For smaller hospitals, not so much.
The key in American medicine is to gobble up all of the patients with economically viable diseases. Mostly heart disease, orthopedics and cancer. The rest of the population is just a loss leader. So you need lots and lots of procedures^Hpatients to make your nut.
In fact my medical records folder comes home with me from my visits and does not even physically stay in his office.
No, it doesn't. At least in the US, the original stays in the office. You might get a copy but even here in Nuttville we're not crazy enough to let the patient have the canonical record.
Besides, you do realize that your pharmacy sells your prescription information to mining companies and that the states typically monitor any restricted drug with a system of your own?
The only way to stay perfectly anonymous is to get care out of the country or stay healthy.
EHRs in general are so fucked up that even legitimate users can't figure out what the hell is going on most times.
I tell you what guys. If you do manage to hack into a bunch of systems, could you gin up some code that allows you to get the information out of all of them and put them in one useable place? Despite millions of dollars and countless lines of code, the vendors have yet to make that happen.
That's absolutely correct. Again, means and motives. The intersection of those two sets would give you persons of interest. If a security researcher doesn't look at the admins in a breach, would you consider them competent?
So you might be a 'suspect'. In the real world (as opposed to the paranoid crazy version here) someone would politely sit down with you and discuss a few things. Then someone else might come over and discuss some more things. Your work logs might be reviewed. If you worked through home and preliminary review made you even more interesting, you might be asked to cough up bits of your home computers - which is why you want to isolate work from play.
It DOESN'T mean that the swat team will barrel through your door or that the FBI will cart off your desk. Again, it's how any investigation happens. If that really bugs you, get a job on a farm and stay the hell away from the fertilizer.
LOL what indeed. Even in my little town of 8000 people, .1% of the population gives me plenty of people to regularly interact with. People that I might want to interact with. Of course, YMMV and if you think happiness revolves around Facebook (or Slashdot or whatever) then good for you.
I personally don't like all that many folks on my lawn.
Not really, what is the "spice" from space in your example?
On Arrakis, silly.
NASA and the military have a long, close and contentious relationship. Remember, NASA does few things internally. It outsources most of the manufacturing to other companies. Which companies? Why the very same companies that comprise the military-industrial complex. The Shuttle was a joint Air Force / NASA program (that wasn't terribly smart but that is another story). Many NASA positions require military security clearances.
All of NASA's boosters derived from military stock.
At a lot of levels, they are one and the same.
Knowledge is funny sometimes. It just doesn't follow narrowly defined lines. It just doesn't go where you think it will go.
One of the enduring legacies of Apollo was managing giant, hi tech endeavors with tens of thousands of people involved. Same sorts of endeavors that bring you giant aircraft, giant boats, enormous power projects, the Internet.
While you can argue about how safe or sane searching for knowledge really is, it's clear that it does have major effects on our economy and ecology.
So tune in, turn on and keep your antivirus programs running. It's a weird ride.
Not really, it's US shale oil that is kicking the Russians' economic butt. Wasn't planned, won't last all that long, but what the hell, take it.
(Looks around. Seems wetter and colder than Australasia usually is.)
It's popular up here in Alaska. Not sure just what that means, but there you have it....
Personally I'm pissed off as a Canadian that our government signed onto the F35 program with no bidding or such, totally lied about the costs, when what we really need is a plane that can fly in arctic conditions and keep flying if it loses an engine.
They've already got one, you see. And it's very nice.
Probably would womp an F35 in Arctic air support missions.
What are you talking about? "The Interview" will probably make a lot less money because all of the movie theaters that 90% of people go to aren't showing it. Some of the leaked emails are very embarrassing and will probably cost them a lot in lost goodwill with business partners, which will translate into less profits.
Goodwill? In Hollywood?
You must be joking.
And you guys thought the reason for adding Internet connectivity to appliances was to help the NSA.
Come see the Battle of the Appliances! Coming to a home near you!
GE toaster takes out Amana microwave. LG dryer attacks the Hoover vacuum. People run to the streets in terror!
Michael Bay to direct the movie!
Foundation and Empire? With Gates as the Mule?
Perhaps we could confuse the issue by chanting 'Hosts file'.
Didn't get that model of the Enterprise for Christmas, did we?
Flying cars don't solve any pressing issues. In fact just the concept creates many more problems than it could ever "solve".
It would certainly solve problems. It would finally get people around here to shut up about the flying cars already.
Absence of gravity? You realize the Irrelevant Space Skid is only 400km up and thus is subject to 90% of the surface force of gravity?
It's that last 10% that really gets you.
I can buy Tang at the grocery store too and I don't feel particularly historic.
An .stl file for Tang ought to be interesting.