Medical firms losing data – Dude, where’s my teeth?
on February 20th, 2007 at 1:31 pm
Anyone heard of any action against these medical companies under HIPAA regulation? Neither have I.
This is the problem with government trying to fix a problem. While I agree with the basic attempt HIPAA is making at securing personal medical data, it just makes no sense to have anyone try to comply when nothing happens if you don’t.
And when a few CEO / CFO / COO types see this story and don’t see even any attempts at prosecution in the next few months, then they will start rethinking their investment in security.
Another thought is that these companies are HIPAA compliant and still have problems. If that is so, then it goes to show you that compliance does not equal security.
Vet

Any security efforts will only remove low-hanging fruit anyway.
Why should health enterprises spend money on partial solutions? When there are solutions that address data access and not network access, then they should invest. Until then, it is probably a waste of money, because they will solve today’s problem, but not tomorrow’s.