FW: [ISN] Medical Records: Stored in the Cloud, Sold on the Open Market

About Merit

Services

Network

Resources & Support

Network Research

News

Events

Home

Discussion Communities: Merit Network Email List Archives

Network Security

From: Howell, Paul
Date: Wed Oct 21 08:59:38 2009

-----Original Message-----
From: isn-bounces@infosecnews.org [mailto:isn-bounces@infosecnews.org]
On Behalf Of InfoSec News
Sent: Tuesday, October 20, 2009 3:18 AM
To: isn@infosecnews.org
Subject: [ISN] Medical Records: Stored in the Cloud, Sold on the Open
Market

http://www.wired.com/threatlevel/2009/10/medicalrecords/

By Kim Zetter
Threat Level
Wired.com
October 19, 2009

When patients visit a physician or hospital, they know that anyone 
involved in providing their health care can lawfully see their medical 
records.

But unknown to patients, an increasing number of outside vendors that 
manage electronic health records also have access to that data, and are 
reselling the information as a commodity.

The revelation comes in a recent New York Times article about how 
so-called "scrubbed" patient data isn't as anonymous as people think. 
The piece focuses primarily on how anonymized data can be cross-bred 
with other publicly available databases, such as voting records, which 
subverts the anonymity. Buried near the end of the article is the news 
that medical data is collected, anonymized and sold, not by insurance 
agencies and health care providers, but by third-party vendors who 
provide medical-record storage in the cloud.

Electronic health record (EHR) services have been a growing industry in 
the last few years, according to Sue Reber, marketing director of the 
Certification Commission for Health Information Technology. Reber says 
most vendors used to simply sell software packages; once the product was

sold, the vendor had no connection to the data stored in it. But an 
increasing number of companies have begun to offer web-based 
software-management applications that include database storage 
controlled and managed by the vendor.

------------------------------------------------------------------------
To unsubscribe from netsec, send mail to majordomo@merit.edu
with a body consisting of the words "unsubscribe netsec" --
without the quotes. For more help, send a message to majordomo@merit.edu
with the word "help" as the body.
------------------------------------------------------------------------

Prev by Date: SANS NewsBites Vol. 11 Num. 83 : Second data breach brings $275,000 fine for ChoicePoint
Next by Date: FW: [ISN] Botnet Unleashes Variety Of New Phishing Attacks
Date Index
Thread Index
Author Index
Historical