Michael R. Farnum

Hitting the Security Nerve

Does law = privacy?

Last week I wrote (or ranted - you pick) about how a lot of companies think that compliance with a regulation is enough security, that it ACTUALLY means your infrastructure is secure.

Then this week I read this story about how Google and Microsoft are trying to create centralized health data repositories that will give doctors everywhere more convenient access to our health records. I can immediately see the benefit here, but like the author of the story, I can also see the immediate danger. What kind of security is going to be in place? How are Google and MSFT going to assure me that appropriate measures are in place? How do doctors get access to the data? Etc, etc, etc.

But here's where I part ways with the author:

The drawback? The Health Insurance Portability and Accountability Act (HIPAA), a federal law that governs the confidentiality of health records, doesn't extend to non-health-care companies.

...

But absent any HIPAA or other overarching regulation, McGraw notes, you simply have to trust that the companies will do the right thing.

...

I want laws that specifically define what can and can't be done with the information. And I want the company responsible to be punished if someone screws up and releases my data.

Simply put, the author wants a law on the books to cover entities such as Google and MSFT if they are going to be handling healthcare data. Now at first blush, I agree that this needs to be addressed. I am not a huge fan of a bunch of new laws, but this really sets a precedent in a lot of ways that current laws don't cover (some privacy laws do cover this, but I won't get into that here).

However, look at the tag line of the article:

Until we have laws guaranteeing the privacy of my digitized health information, I'll pass.

"laws guaranteeing"? Ummmm, ok... Since when does a law guarantee anything? And since when does a law stop a criminal? Criminals don't stop unless they are caught. Criminals, by definition, BREAK LAWS (see my opinions on this here and here). This still smacks of trusting regulations. While I understand the author's point, I will counter and say that it is naïve to think that a law is going to be the magic bullet. If you don't want to risk your data getting compromised, then don't let your data get fed to them in the first place.
