HIPAA Blog

[ Tuesday, July 26, 2005 ]

 

Sorry for the dearth of posts lately, but I've been vacationing. Anyway, here's an interesting article in the NYT on the recent rashes of identity and credit card information thefts, with a very interesting point, and one that has a corrolary in the healthcare and HIPAA arenas: it's often at the weakest, most pedestrian point in the process that the greatest opportunity for theft occurs. Companies may install high-tech security around their central computers, but the almost-dumb terminals in the stores might transmit the information with little or no security added. Many people who refuse to do online transactions because they are afraid to put their credit card numbers in cyberspace have no problem handing the card itself, complete with the 3-digit "extra" security code on the back, to a multi-tattooed waiter at a funky restaurant. Now, there's risk in the cybertransaction because the information is in digital format and could flow anywhere, but there's also risk in the restaurant transaction.

In the HIPAA realm, also keep in mind that your weakest link might just be the $7.00/hour data processing employee; regardless of how much security you put into your hardware and software, the "meatware" is the real problem.

Jeff [5:48 PM]

Comments:
Glad you are back...
In our security training classes, we emphasize that the most dangerous person to your data is already on your payroll. Or working there in some other capacity, like cleaning crew. Most data theft is crime of opportunity, and some unhappy minimum wage clerk can sting you just as badly as the slickest spandex-clad high-tech James Bond industrial spy. And there are a lot more of them, too.
 
Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template