HIPAA to the rescue?

HIPAA to the rescue?

(Thanks to Mickey for this one!)

People are fighting back by “battling large, remote-controlled herds of hacked personal PCs, also known as “botnets”” and –according to the Washington Post— HIPAA is turning out to be a potent weapon:

Albright spied one infected PC reporting data about the online activities of its oblivious owner — from the detailed information flowing across the wire, it was clear that one of the infected computers belongs to a physician in Michigan.

“The botnet is running a keylogger, and I see patient data,” Albright said. The mere fact that the doctor’s PC was infected with a keylogger is a violation of the Health Insurance Portability and Accountability Act (HIPAA), which requires physicians to take specific security precautions to protect the integrity and confidentiality of patient data. “The police need to be notified ASAP to get that machine off the network.”

HIPAA seem to be one of the only legal tools available:

Albright said that while federal law enforcement has recently made concerted efforts to reach out to groups like Shadowserver in hopes of building a more effective partnership, they don’t have the bodies, the technology, or the legal leeway to act directly on the information the groups provide.

“Our data can’t be used to gather a warrant,” Albright said. “Law enforcement has to view the traffic first hand, and they are limited on what and when they can view.”

March 22, 2006

2 thoughts on “HIPAA to the rescue?”

  1. David,

    I believe HIPAA is actually inhibiting email communication from my parents, and by definition, they are a group who would be down with the internet concept. Logging into a web site to send me a question is just too much work for them.

    Even a mom who is a web master (or is it mistress?) says it’s too much work! She’d rather call me.

    As soon as I can be sure the AG won’t prosecute physician-patient email as HIPAA violations I’m going back to “old fashioned” standard email.



  2. That doesn’t make terribly much sense. Maybe you are super accessible, but I can’t imagine that logging into a site is harder than getting through to you by phone. I use secure messaging with my doc and it’s oh so much easier than calling.

    Once you start getting a lot of messages, you’ll appreciate the ability to integrate secure, structured messaging into your workflow and EHR. And it will be worthwhile for your patients’ parents, too.

Leave a Reply

Your email address will not be published. Required fields are marked *