Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
Nobody Cares About HIPAA
Threaded  |  Newest First  |  Oldest First
rmanske53101
rmanske53101,
 User Rank: Apprentice
3/16/2012 | 5:35:58 PM
re: Nobody Cares About HIPAA
I don't know who Ben Drake is, but as a source, he's an idiot and has no clue about HIPAA complinace at other companies. I've worked for major healthcare providers and payers alike, and everyone I know takes HIPAA compliance very seriously, in the from of time, resources and capital. Maybe a small doctors office doesn't care much for compliancy, but I can assure you, most in the healthcare industry have gone to great lenghts to be compliate with the regualtions.

To say it mildly, this artical is worthless and Ben Drake doesn't speak for the healthcare industy.
ANON1241631011972
ANON1241631011972,
 User Rank: Apprentice
3/16/2012 | 10:03:47 PM
re: Nobody Cares About HIPAA
I don't think this is an accurate assessment. With the high fines for breaches, we care about HIPAA. However, like Dodd-Frank, we are spending a huge chunk of our budget on compliance activities which provide no healthcare value and add to the cost of healthcare. Most of the so-called "breaches" have no consequence to the consumer because they involve media that was stolen for the value of the media and not for the exploitation of its PHI content. Notwithstanding the lack of actual damages, the insatiable enforcement agencies make the data loss worth millions of dollars to them. This hypocritical behavior on the part of the government (i.e.; pretending to want to reduce costs while, at the same time, driving costs up with every new regulation) is why people are jaded on this subject. Most of the regulations have no practical utility value in terms of "civil rights" protection. This is what makes people cynical about HIPAA.
LindaJoyAdams
LindaJoyAdams,
 User Rank: Apprentice
3/18/2012 | 5:19:43 AM
re: Nobody Cares About HIPAA
Laws already existed against a breach of privacy by medical providers. And the govt contractors and govt agencies are not included in the HIPPAA protections. So the biggest breach of privacy by a doctor is when the claim is submitted to a govt financed but govt contractor run health plan. The acting Director of medicare , Dr. Berwick, wanted to get them under HIPPAA but was unable to do so. Govt contractors are given immunity from criminal wrong doings and they can;t be internally audited; yet not one in Congress will put back the laws that used to exist: commit a crime or violate laws- investigations and prosecutions can be done. And Internal audits as to how or what our public monies are being used for will be done. Why hire contract auditors if they can only see what the govt contractor wants them to see. All this law did was raise health care costs by increasing as real care of the patient dollars got spent on computer systems; which are now obsolete as we prepare for the ' cloud.' worse of all the new systems are really causing some problems. It is cross checking my drivers license number with when we first moved to this state and using that address instead of my current one.( We actually didn't move but 911 changed the address a few years ago; I even checked but we are paying property taxes on the same legal description) I had a doctor bill in collections before I'd received any notice from the health plan or a bill of what the co- pays were. Now how do I get this corrected when the State of OK driver's license bureau which is interlocked with Home land security isn't under HIPPAA and sharing incorrect info. My submission to correct this didn't take! Only thing I know what to do is go in and start all over with my driver's license renewal. My doctors provide more conscientious privacy than all these messed up govt agencies and their contractors and they are able to do this better without all these computer systems when so many are getting access to my personal info after the claim is filed. Why does Homeland security want or need to know my blood pressure and temperature and other medical info? Also once info is wrong inside the govt contractors; it can't get changed and that includes diagnostic coding which is being done inside the govt contractors to by pass their security protocols and get medicare to pay when others are the primaries, like my federal workers compensation. This can and has been deadly if the data base is used for a medical history. Congress had this study several years ago and nothing has been done to correct some basic problems in the current system. When this is done; its called theft by law which the contractors have been given congressional immunity from stealing the Medicare and even medicaid and other govt health plan monies from.Linda Joy Adams
EMONTEIRO027
EMONTEIRO027,
 User Rank: Apprentice
3/22/2012 | 2:05:17 AM
re: Nobody Cares About HIPAA
Of course people care about HIPAA. But then again you have to remember... just when they think they're compliant.. some new law or some modification is added to the existing one and then they have to go back and revamp whatever they have to meet the new rules.
Every health care provider's office I've ever walked in definitely cares though and they are not trying to get penalized.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-33196
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
CVE-2023-33185
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
CVE-2023-33187
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
CVE-2023-33194
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
CVE-2023-2879
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file