Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
Nobody Cares About HIPAA
Newest First  |  Oldest First  |  Threaded View
EMONTEIRO027
EMONTEIRO027,
 User Rank: Apprentice
3/22/2012 | 2:05:17 AM
re: Nobody Cares About HIPAA
Of course people care about HIPAA. But then again you have to remember... just when they think they're compliant.. some new law or some modification is added to the existing one and then they have to go back and revamp whatever they have to meet the new rules.
Every health care provider's office I've ever walked in definitely cares though and they are not trying to get penalized.
LindaJoyAdams
LindaJoyAdams,
 User Rank: Apprentice
3/18/2012 | 5:19:43 AM
re: Nobody Cares About HIPAA
Laws already existed against a breach of privacy by medical providers. And the govt contractors and govt agencies are not included in the HIPPAA protections. So the biggest breach of privacy by a doctor is when the claim is submitted to a govt financed but govt contractor run health plan. The acting Director of medicare , Dr. Berwick, wanted to get them under HIPPAA but was unable to do so. Govt contractors are given immunity from criminal wrong doings and they can;t be internally audited; yet not one in Congress will put back the laws that used to exist: commit a crime or violate laws- investigations and prosecutions can be done. And Internal audits as to how or what our public monies are being used for will be done. Why hire contract auditors if they can only see what the govt contractor wants them to see. All this law did was raise health care costs by increasing as real care of the patient dollars got spent on computer systems; which are now obsolete as we prepare for the ' cloud.' worse of all the new systems are really causing some problems. It is cross checking my drivers license number with when we first moved to this state and using that address instead of my current one.( We actually didn't move but 911 changed the address a few years ago; I even checked but we are paying property taxes on the same legal description) I had a doctor bill in collections before I'd received any notice from the health plan or a bill of what the co- pays were. Now how do I get this corrected when the State of OK driver's license bureau which is interlocked with Home land security isn't under HIPPAA and sharing incorrect info. My submission to correct this didn't take! Only thing I know what to do is go in and start all over with my driver's license renewal. My doctors provide more conscientious privacy than all these messed up govt agencies and their contractors and they are able to do this better without all these computer systems when so many are getting access to my personal info after the claim is filed. Why does Homeland security want or need to know my blood pressure and temperature and other medical info? Also once info is wrong inside the govt contractors; it can't get changed and that includes diagnostic coding which is being done inside the govt contractors to by pass their security protocols and get medicare to pay when others are the primaries, like my federal workers compensation. This can and has been deadly if the data base is used for a medical history. Congress had this study several years ago and nothing has been done to correct some basic problems in the current system. When this is done; its called theft by law which the contractors have been given congressional immunity from stealing the Medicare and even medicaid and other govt health plan monies from.Linda Joy Adams
ANON1241631011972
ANON1241631011972,
 User Rank: Apprentice
3/16/2012 | 10:03:47 PM
re: Nobody Cares About HIPAA
I don't think this is an accurate assessment. With the high fines for breaches, we care about HIPAA. However, like Dodd-Frank, we are spending a huge chunk of our budget on compliance activities which provide no healthcare value and add to the cost of healthcare. Most of the so-called "breaches" have no consequence to the consumer because they involve media that was stolen for the value of the media and not for the exploitation of its PHI content. Notwithstanding the lack of actual damages, the insatiable enforcement agencies make the data loss worth millions of dollars to them. This hypocritical behavior on the part of the government (i.e.; pretending to want to reduce costs while, at the same time, driving costs up with every new regulation) is why people are jaded on this subject. Most of the regulations have no practical utility value in terms of "civil rights" protection. This is what makes people cynical about HIPAA.
rmanske53101
rmanske53101,
 User Rank: Apprentice
3/16/2012 | 5:35:58 PM
re: Nobody Cares About HIPAA
I don't know who Ben Drake is, but as a source, he's an idiot and has no clue about HIPAA complinace at other companies. I've worked for major healthcare providers and payers alike, and everyone I know takes HIPAA compliance very seriously, in the from of time, resources and capital. Maybe a small doctors office doesn't care much for compliancy, but I can assure you, most in the healthcare industry have gone to great lenghts to be compliate with the regualtions.

To say it mildly, this artical is worthless and Ben Drake doesn't speak for the healthcare industy.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The 10 Most Impactful Types of Vulnerabilities for Enterprises Today
Managing system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-1172
PUBLISHED: 2023-03-17
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that w...
CVE-2023-1469
PUBLISHED: 2023-03-17
The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenti...
CVE-2023-1466
PUBLISHED: 2023-03-17
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as critical. This issue affects the function view_student of the file admin/?page=students/view_student. The manipulation of the argument id with the input 3' AND (SELECT 2100 FROM (SELECT(...
CVE-2023-1467
PUBLISHED: 2023-03-17
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=delete_img of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt le...
CVE-2023-1468
PUBLISHED: 2023-03-17
A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the component Report Handler. The manipula...