ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    ProjectSend

    Scheduled Pinned Locked Moved IT Discussion
    storageprojectsend
    157 Posts 9 Posters 81.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller @drewlander
      last edited by

      @drewlander said:

      As I understand them, HIPAA laws are crafted to protect the patient, and penalize end users for the misuse of the data. Your argument is in defense of the doctors, not the patients.

      Oh no, I didn't mean it to be. ALL of that was about getting customers equal access to their own data. Not doctors getting data. At least that is what I intended.

      1 Reply Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller @drewlander
        last edited by

        @drewlander said:

        When data crosses borders to another country, I cannot effectively govern the use of that data outside of the United States as it pertains to HIPAA.

        I understand that. But my point is that it isn't yours to govern, it is the patients. So once a patient has taken that data the IT people have nothing to do with it.

        1 Reply Last reply Reply Quote 0
        • DashrenderD
          Dashrender
          last edited by

          Scott's entire purpose of his perspective has been from the patient side. Really this whole thread needs to be scrapped and started over when looking at sending data not to patients, because my intention for the use of something like Project Send isn't patient-centric, it's inter community communication with other health related entities (most of them being Business Associates or other Covered Entities).

          drewlanderD scottalanmillerS 3 Replies Last reply Reply Quote 0
          • DashrenderD
            Dashrender
            last edited by

            I'll agree that the point was never to block a patient from access to their files from anywhere they happen to be - though the idea of blocking China and other known parts of the world to be providing the majority of the hacks around the world is extremely desirable in my mind.

            As an aside, my email filtering company is set to GEO block all emails that come from outside the USA. This does present the occasional issue, but by and large it blocks 80-90% of the spam email we get (well at least it used to, spam levels for us seem to be on the decline).

            scottalanmillerS 1 Reply Last reply Reply Quote 0
            • drewlanderD
              drewlander @Dashrender
              last edited by

              @Dashrender Right. So scrap the thread and lets start over. Basically this being written in PHP with a MySQL backend is great. So simple to modify and tailor as needed. Also I think it can be easily integrated into other projects if that ever came up.

              1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller @Dashrender
                last edited by

                @Dashrender said:

                This was a question, perhaps a leading one.. but one none the less. From your post it appears you think there would be no liability if the proper precautions are taken.

                Right, if proper precautions are taken to protect the client data and to provide equitable access, the liability would not be with the IT department.

                1 Reply Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller @Dashrender
                  last edited by

                  @Dashrender said:

                  Scott's entire purpose of his perspective has been from the patient side. Really this whole thread needs to be scrapped and started over when looking at sending data not to patients, because my intention for the use of something like Project Send isn't patient-centric, it's inter community communication with other health related entities (most of them being Business Associates or other Covered Entities).

                  That would be rather different, I agree.

                  1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller @Dashrender
                    last edited by

                    @Dashrender said:

                    I'll agree that the point was never to block a patient from access to their files from anywhere they happen to be - though the idea of blocking China and other known parts of the world to be providing the majority of the hacks around the world is extremely desirable in my mind.

                    The question becomes... how many false positives are okay?

                    DashrenderD 1 Reply Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller @Dashrender
                      last edited by

                      @Dashrender said:

                      ...because my intention for the use of something like Project Send isn't patient-centric, it's inter community communication with other health related entities (most of them being Business Associates or other Covered Entities).

                      How does it work if your patients go to a different medical center and legitimate doctors from outside of your area need access?

                      1 Reply Last reply Reply Quote 0
                      • DashrenderD
                        Dashrender @scottalanmiller
                        last edited by

                        @scottalanmiller said:

                        @Dashrender said:

                        I'll agree that the point was never to block a patient from access to their files from anywhere they happen to be - though the idea of blocking China and other known parts of the world to be providing the majority of the hacks around the world is extremely desirable in my mind.

                        The question becomes... how many false positives are okay?

                        LOL you know that that is an arbitrary number, each situation will have it's own answer. Instead of blocking, I could forward all email to myself and spend my day deciding what was spam and what wasn't, but I don't do that either.

                        Our false positive rate on Spam and non US IP based messages is well below 1%, probably below 0.0001%. When one is discovered, they are added to the whitelist. Our whitelist is pretty small, less than 50 items on it.

                        scottalanmillerS 1 Reply Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller @Dashrender
                          last edited by

                          @Dashrender said:

                          @scottalanmiller said:

                          @Dashrender said:

                          I'll agree that the point was never to block a patient from access to their files from anywhere they happen to be - though the idea of blocking China and other known parts of the world to be providing the majority of the hacks around the world is extremely desirable in my mind.

                          The question becomes... how many false positives are okay?

                          LOL you know that that is an arbitrary number, each situation will have it's own answer. Instead of blocking, I could forward all email to myself and spend my day deciding what was spam and what wasn't, but I don't do that either.

                          Our false positive rate on Spam and non US IP based messages is well below 1%, probably below 0.0001%. When one is discovered, they are added to the whitelist. Our whitelist is pretty small, less than 50 items on it.

                          Let's think of it as phone calls. How many calls from non-US numbers would you take? At what point do you block any and all communications from non-American parties and/or addresses?

                          If you knew that people were outside the US it would be one question, if you are just using geo location it is another. In one case you are making a decision around location. In the other you are allowing a third party to list "location-ish."

                          1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller
                            last edited by

                            But the issue with HIPAA becomes .... are intentional false positives allowed? Meaning, do you get to choose to "hard block" people based on certain criteria? If we are talking business partners, of course. But what about patients or doctors? What happens if someone can't get their data when they need it based on that decision?

                            drewlanderD 1 Reply Last reply Reply Quote 0
                            • drewlanderD
                              drewlander @scottalanmiller
                              last edited by

                              @scottalanmiller What happens if patients are in the same city? They (or POA) have to consent to a release of medical records.

                              scottalanmillerS 1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @drewlander
                                last edited by

                                @drewlander said:

                                @scottalanmiller What happens if patients are in the same city? They (or POA) have to consent to a release of medical records.

                                What form does that form take? Digital?

                                1 Reply Last reply Reply Quote 0
                                • drewlanderD
                                  drewlander
                                  last edited by

                                  @scottalanmiller said:

                                  What form does that form take?

                                  There is no mandate to document on paper or electronically; There is only incentive branded as "Meaningful Use". Additionally there is no requirement to transmit that file in either format. Moreover, when a release of records request is made, the office processing the request may charge a reasonable fee to prepare and send those records. That fee is governed by state law where applicable. And to be very clear, a patients records do not belong to the patient whatsoever. A patient is not entitled to scanned copies of everything in their chart. Basically you are entitled to what you already know. Diagnoses, medications and test results.

                                  http://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/medicalrecords.html

                                  1 Reply Last reply Reply Quote 1
                                  • scottalanmillerS
                                    scottalanmiller
                                    last edited by

                                    Yeah, no question that everything medical in America is awful. You know it is bad when all of the Americans living in Nicaragua rave about the healthcare here!

                                    1 Reply Last reply Reply Quote 1
                                    • 1
                                    • 2
                                    • 3
                                    • 4
                                    • 5
                                    • 6
                                    • 7
                                    • 8
                                    • 8 / 8
                                    • First post
                                      Last post