OH BOY.
I'm trying to reduce the snarky level of my posts so.... here goes.
I read this article and had to wonder how much was spent on a report that verifies what many computer security professionals have been saying for a while.
Generally speaking, no electronic files of any sort are without risk of compromise. (Physical records are also susceptible but they take more individualized effort and run into fundamental laws of physics reducing the scope of a successful attack.... how many file-folders can you fit in the trunk of your car?) However, the more a given set of information is worth, the more likely its theft or compromise will be.
And always remember, the largest data thefts tend to be inside jobs.
OK, now we have covered the 'background' so to speak, let's get some quotes from this article:
"Concerns about harm from the use of health (technology) have emerged," the report said. "Designed and applied inappropriately, health (technology) can add an additional layer of complexity to the already complex delivery of health care, which can lead to adverse consequences."
What I read there is that if you don't keep it simple, and make too many competing standards.... all hell will break loose. Even standardized systems can be clunky or badly set up. I have personal experience with a system set up at two nationally acclaimed children's hospitals. The same system, set up by what I believe were two different vendors. In one hospital, the implementation was so complicated that even after six months of training and testing there were still life-threatening mistakes being made on a regular basis. The other hospital, however, had a better setup with fewer default settings left in place and more reasonable and logical customization. Their system worked well.
Another Quote:
"Tuesday's report is not the only flashing yellow light in the switch to computerized medical records. Previously, the Health and Human Services inspector general warned that security standards need improvement."
I've seen the warning from the HHS inspector general reported on before.
He's right. One of the most popular software packages for small doctor's offices is built on an open source platform.... with a hardcoded default admin password. Unless the person installing it knows and cares to change it, the installation is vulnerable to remote attack of the simplest and most devastating sort.
OK, enough babbling. It's a decent article, light on technical stuff but it has the right idea. Electronic medical files are not a panacea and will cause easily as many issues as they solve.