tankman1989
My PCP, who is a partner/branch of the local hospital ($1.5 billion company), recently switched over to computerized records and I see some major security holes with their system. All the exam rooms have physically unsecured machines, which anyone with a $30 keylogger can use to gain access to much of the rest of the system (on top of more expensive technology that can access it all remotely with physical access). So now that all patients records are accessible on any machine, what is to stop someone from using their 10-30 min wait time in the exam room from accessing records?
Anyone who knows anything about exploiting machines understands the potential here.
I was reading about FIPS encryption standards required by attorneys as of (2001?) and was wondering if there are any standards required for the medical profession. I would think that a person's medical history/file would be as personal and sensitive, if not more so, than a person's legal issues.
So does anyone know what the deal would be with this issue? I found out a little about HIPAA encryption requirements:
http://hipaa-encryption.com/HIPAA-Compliance/
Here is a PDF of FIPS encryption requirements: http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf
I'm just trying to figure out where the physical access for the medical industry lies in either HIPAA or other regulations?
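The concrete thing a defender can check on the exam-room machines described above is whether an unattended session locks itself at all, since that is what bounds the "10-30 minute wait" window. The script below is an added example for this thread, not the poster's code and not anything from the hospital's own systems; it assumes Windows workstations, rights to read HKLM, and a local policy target of 300 seconds (an assumed value, not a HIPAA number). It reads the machine-wide inactivity limit and the user screen-saver policy values and reports whether either enforces a lock within that limit.

```powershell
# Added example: audit whether an unattended workstation locks itself.
# Assumptions: Windows workstation, permission to read HKLM, and a
# site policy of locking within $MaxIdleSeconds (assumed value).

$MaxIdleSeconds = 300   # assumed local target: lock within 5 minutes

function Get-IdleLockStatus {
    # Machine-wide limit, set by the security option
    # "Interactive logon: Machine inactivity limit" (stored in seconds)
    $sysKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $inactivity = (Get-ItemProperty -Path $sysKey -Name InactivityTimeoutSecs `
                   -ErrorAction SilentlyContinue).InactivityTimeoutSecs

    # Per-user screen saver: GPO-backed values under Policies take
    # precedence; otherwise fall back to the user's own settings
    $policyKey = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
    $userKey   = 'HKCU:\Control Panel\Desktop'
    $src = if (Test-Path $policyKey) { $policyKey } else { $userKey }
    $ss  = Get-ItemProperty -Path $src -ErrorAction SilentlyContinue

    [pscustomobject]@{
        InactivityTimeoutSecs = $inactivity
        ScreenSaveActive      = $ss.ScreenSaveActive     # "1" = enabled
        ScreenSaverIsSecure   = $ss.ScreenSaverIsSecure  # "1" = requires password on resume
        ScreenSaveTimeOut     = $ss.ScreenSaveTimeOut    # seconds, stored as a string
        Source                = $src
    }
}

function Test-IdleLockCompliant {
    param([pscustomobject]$Status, [int]$MaxSeconds = $MaxIdleSeconds)

    # Either control is enough, but each must be on AND within the limit.
    # A missing or zero value means the session never locks by itself.
    $machineOk = ($null -ne $Status.InactivityTimeoutSecs) -and
                 ($Status.InactivityTimeoutSecs -gt 0) -and
                 ($Status.InactivityTimeoutSecs -le $MaxSeconds)

    $timeout = [int]$Status.ScreenSaveTimeOut   # null/empty casts to 0
    $saverOk = ($Status.ScreenSaveActive -eq '1') -and
               ($Status.ScreenSaverIsSecure -eq '1') -and
               ($timeout -gt 0) -and ($timeout -le $MaxSeconds)

    return ($machineOk -or $saverOk)
}

$status = Get-IdleLockStatus
$status | Format-List
if (Test-IdleLockCompliant -Status $status) {
    Write-Output "OK: workstation locks within $MaxIdleSeconds s of inactivity"
} else {
    Write-Output "FINDING: no enforced idle lock <= $MaxIdleSeconds s; an unattended session stays open"
}
```

Run it in the context of the account that is normally logged on in the exam room, because the screen-saver values are per-user. Note the limit of this check: an idle lock shortens the window in which a walked-away session can be used, but it does nothing against a hardware keylogger, which the OS sees as an ordinary keyboard. That part of the risk is addressed by physical controls (port blockers, locked enclosures, periodic inspection) rather than by any registry setting.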