[ Friday, May 27, 2005 ]


Interesting Security Issue: The University of Pittsburgh Medical Center had an online form that patients could fill out to order drugs, but discovered that they didn't have much in the way of security measures attached to the form, which asked for patient names and Social Security numbers. So they pulled the form. Good response, but also a good lesson: whenever you set up web-based mechanisms to collect information that might contain PHI, you need to (i) include some protection, such as encryption, and (ii) make sure the individual you're dealing with knows what you are doing to protect their information, and that whatever you do may not be failsafe.

Jeff [9:25 AM]
