ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    ProjectSend

    Scheduled Pinned Locked Moved IT Discussion
    storageprojectsend
    157 Posts 9 Posters 81.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DashrenderD
      Dashrender
      last edited by

      You are basically saying that a Covered Entity can't decide that they want to do this, and do it... and I'd like to know why you feel that way?

      Also, why do you feel that puts you at more risk?

      scottalanmillerS 2 Replies Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller @Dashrender
        last edited by

        @Dashrender said:

        you implied the healthcare part of this. Not sure that's actually there. The Covered Entity decides who does and who doesn't get access to the HPI.

        Is that true? The covered entity gets unlimited choice in that matter? Having worked in hospitals doing HIPAA work consulting, that was very much not true by our and their belief. I've never seen anything in the HIPAA regulations that suggested that a covered entity had any such say.

        1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @Dashrender
          last edited by

          @Dashrender said:

          You are basically saying that a Covered Entity can't decide that they want to do this, and do it... and I'd like to know why you feel that way?

          I feel this way because it is my understanding of the law and the only way that the law makes sense. Why would ANY unnecessary use or unauthorized use of my private data be allowed when we are talking about a law specifically to stop the unnecessary and unauthorized use of that data?

          DashrenderD 1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller @Dashrender
            last edited by scottalanmiller

            @Dashrender said:

            Also, why do you feel that puts you at more risk?

            What is the risk that HIPAA is to protect against? Unnecessary people getting access to my data.

            What has happened? Exactly that.

            1 Reply Last reply Reply Quote 0
            • DashrenderD
              Dashrender @scottalanmiller
              last edited by

              @scottalanmiller said:

              @Dashrender said:

              You are basically saying that a Covered Entity can't decide that they want to do this, and do it... and I'd like to know why you feel that way?

              I feel this way because it is my understanding of the law and the only way that the law makes sense. Why would ANY unnecessary use or unauthorized use of my private data be allowed when we are talking about a law specifically to stop the unnecessary and unauthorized use of that data?

              Just because you consider it unnecessary does not mean others don't. You consider this entire approach pointless boarding on meaningless, I simply don't agree.

              Again, and I'll continue to state this, I would never do as @dafyre suggested and call patients based on an IP seeming to be coming from a bad location.

              scottalanmillerS dafyreD 3 Replies Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller @Dashrender
                last edited by

                @Dashrender said:

                Just because you consider it unnecessary does not mean others don't. You consider this entire approach pointless boarding on meaningless, I simply don't agree.

                But... is it your call at all? It's not your data. Why would you have an association with the data at all?

                1 Reply Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller @Dashrender
                  last edited by

                  @Dashrender said:

                  Again, and I'll continue to state this, I would never do as @dafyre suggested and call patients based on an IP seeming to be coming from a bad location.

                  So how would you use it, then?

                  1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller
                    last edited by

                    And more importantly.... why?

                    1 Reply Last reply Reply Quote 0
                    • dafyreD
                      dafyre @Dashrender
                      last edited by

                      @Dashrender said:

                      Again, and I'll continue to state this, I would never do as @dafyre suggested and call patients based on an IP seeming to be coming from a bad location.

                      I never suggested I'd be calling patients. Only employees of the company that I work for.

                      DashrenderD 1 Reply Last reply Reply Quote 1
                      • DashrenderD
                        Dashrender @dafyre
                        last edited by

                        @dafyre said:

                        @Dashrender said:

                        Again, and I'll continue to state this, I would never do as @dafyre suggested and call patients based on an IP seeming to be coming from a bad location.

                        I never suggested I'd be calling patients. Only employees of the company that I work for.

                        My mistake.

                        dafyreD 1 Reply Last reply Reply Quote 1
                        • dafyreD
                          dafyre @Dashrender
                          last edited by

                          @Dashrender 8-) --

                          But this is one of the reasons that IT can be such a complicated field. You get ten different people talking about the same thing, you get three rabbit holes, 2 topics, and a whole mess of confusion, lol.

                          1 Reply Last reply Reply Quote 1
                          • DashrenderD
                            Dashrender
                            last edited by

                            Agreed.

                            When it comes to direct patient access, I probably wouldn't care where they access it from, and if I could skip all tracking of that I might consider it. That said who's to blame if a patients account is accessed using their credentials and the account holder didn't authorize it? The Covered Entity (CE)?

                            scottalanmillerS 1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller @Dashrender
                              last edited by

                              @Dashrender said:

                              Agreed.

                              When it comes to direct patient access, I probably wouldn't care where they access it from, and if I could skip all tracking of that I might consider it. That said who's to blame if a patients account is accessed using their credentials and the account holder didn't authorize it? The Covered Entity (CE)?

                              Is that true even if they have their own account and someone authenticated as them? I'm am unaware of any such liability when proper precautions are taken.

                              DashrenderD 1 Reply Last reply Reply Quote 0
                              • drewlanderD
                                drewlander @Reid Cooper
                                last edited by

                                @Reid-Cooper said:

                                nd want to talk

                                No. If I wrote this it would be written in MVC for PHP. I was looking for an open source solution, found one and feel it needs some tweaks but its a good solution overall.

                                1 Reply Last reply Reply Quote 1
                                • drewlanderD
                                  drewlander @scottalanmiller
                                  last edited by

                                  @scottalanmiller said:

                                  he web logs for MangoLassi would tell us almost nothing. It would show only one connection for each tab that you have open rather than info about each page that you go to. That's why we rely on the application itself for stats. Only the app knows when it has shown a p

                                  I noticed this right away when I came to MLIT because the views tick at each view instead of unique views.

                                  1 Reply Last reply Reply Quote 1
                                  • drewlanderD
                                    drewlander @dafyre
                                    last edited by

                                    @dafyre I havent felt out the product yet, but I did install centOS into a vm last night, then installed nethserver and owncloud to check it all out. I still like this ProjectSend open source solution though.

                                    1 Reply Last reply Reply Quote 1
                                    • drewlanderD
                                      drewlander @dafyre
                                      last edited by

                                      @Dashrender said:
                                      " it can run using its own stand-alone user database or run using LDAP / AD for the User database. "

                                      I wouldnt want to tie it into AD except for system users. Client users (remote users) should not have accounts in my AD because thats one more thing I have to worry about.

                                      1 Reply Last reply Reply Quote 0
                                      • drewlanderD
                                        drewlander @scottalanmiller
                                        last edited by

                                        @scottalanmiller said:

                                        @coliver said:

                                        So if the user is liable for their own account why are you tracking IP addresses? You just said after you give them the information you are no longer responsible for how they access it.

                                        I'd say tracking IPs is bad because there is nothing good that could come from storing that information.

                                        Tracking IP's is not bad, but its not entirely reliable unless you make a reverse proxy connection.

                                        scottalanmillerS 1 Reply Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller @drewlander
                                          last edited by

                                          @drewlander said:

                                          @scottalanmiller said:

                                          @coliver said:

                                          So if the user is liable for their own account why are you tracking IP addresses? You just said after you give them the information you are no longer responsible for how they access it.

                                          I'd say tracking IPs is bad because there is nothing good that could come from storing that information.

                                          Tracking IP's is not bad, but its not entirely reliable unless you make a reverse proxy connection.

                                          I meant in a context of HIPAA data. As a HIPAA compliant facility, you want to avoid having any data that you are not required to have. Holding data equals holding liability.

                                          1 Reply Last reply Reply Quote 0
                                          • drewlanderD
                                            drewlander @scottalanmiller
                                            last edited by

                                            @scottalanmiller said:

                                            Things you cannot know:

                                            • That the IP is from Japan
                                            • That the person is not supposed to be in Japan

                                            You know neither of these things. How do you want to react with misleading information that makes you assume one thing but doesn't mean that?

                                            I geoblock in my firewall, so I assure you any IP assigned to Japan is not making a connection to me. Therefore it is possible to know if traffic is coming from Japan. Unless of course they are going through a proxy or something.

                                            scottalanmillerS 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 7
                                            • 8
                                            • 7 / 8
                                            • First post
                                              Last post