ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    ProjectSend

    Scheduled Pinned Locked Moved IT Discussion
    storageprojectsend
    157 Posts 9 Posters 81.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • dafyreD
      dafyre @Dashrender
      last edited by

      @Dashrender said:

      Again, and I'll continue to state this, I would never do as @dafyre suggested and call patients based on an IP seeming to be coming from a bad location.

      I never suggested I'd be calling patients. Only employees of the company that I work for.

      DashrenderD 1 Reply Last reply Reply Quote 1
      • DashrenderD
        Dashrender @dafyre
        last edited by

        @dafyre said:

        @Dashrender said:

        Again, and I'll continue to state this, I would never do as @dafyre suggested and call patients based on an IP seeming to be coming from a bad location.

        I never suggested I'd be calling patients. Only employees of the company that I work for.

        My mistake.

        dafyreD 1 Reply Last reply Reply Quote 1
        • dafyreD
          dafyre @Dashrender
          last edited by

          @Dashrender 8-) --

          But this is one of the reasons that IT can be such a complicated field. You get ten different people talking about the same thing, you get three rabbit holes, 2 topics, and a whole mess of confusion, lol.

          1 Reply Last reply Reply Quote 1
          • DashrenderD
            Dashrender
            last edited by

            Agreed.

            When it comes to direct patient access, I probably wouldn't care where they access it from, and if I could skip all tracking of that I might consider it. That said who's to blame if a patients account is accessed using their credentials and the account holder didn't authorize it? The Covered Entity (CE)?

            scottalanmillerS 1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller @Dashrender
              last edited by

              @Dashrender said:

              Agreed.

              When it comes to direct patient access, I probably wouldn't care where they access it from, and if I could skip all tracking of that I might consider it. That said who's to blame if a patients account is accessed using their credentials and the account holder didn't authorize it? The Covered Entity (CE)?

              Is that true even if they have their own account and someone authenticated as them? I'm am unaware of any such liability when proper precautions are taken.

              DashrenderD 1 Reply Last reply Reply Quote 0
              • drewlanderD
                drewlander @Reid Cooper
                last edited by

                @Reid-Cooper said:

                nd want to talk

                No. If I wrote this it would be written in MVC for PHP. I was looking for an open source solution, found one and feel it needs some tweaks but its a good solution overall.

                1 Reply Last reply Reply Quote 1
                • drewlanderD
                  drewlander @scottalanmiller
                  last edited by

                  @scottalanmiller said:

                  he web logs for MangoLassi would tell us almost nothing. It would show only one connection for each tab that you have open rather than info about each page that you go to. That's why we rely on the application itself for stats. Only the app knows when it has shown a p

                  I noticed this right away when I came to MLIT because the views tick at each view instead of unique views.

                  1 Reply Last reply Reply Quote 1
                  • drewlanderD
                    drewlander @dafyre
                    last edited by

                    @dafyre I havent felt out the product yet, but I did install centOS into a vm last night, then installed nethserver and owncloud to check it all out. I still like this ProjectSend open source solution though.

                    1 Reply Last reply Reply Quote 1
                    • drewlanderD
                      drewlander @dafyre
                      last edited by

                      @Dashrender said:
                      " it can run using its own stand-alone user database or run using LDAP / AD for the User database. "

                      I wouldnt want to tie it into AD except for system users. Client users (remote users) should not have accounts in my AD because thats one more thing I have to worry about.

                      1 Reply Last reply Reply Quote 0
                      • drewlanderD
                        drewlander @scottalanmiller
                        last edited by

                        @scottalanmiller said:

                        @coliver said:

                        So if the user is liable for their own account why are you tracking IP addresses? You just said after you give them the information you are no longer responsible for how they access it.

                        I'd say tracking IPs is bad because there is nothing good that could come from storing that information.

                        Tracking IP's is not bad, but its not entirely reliable unless you make a reverse proxy connection.

                        scottalanmillerS 1 Reply Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller @drewlander
                          last edited by

                          @drewlander said:

                          @scottalanmiller said:

                          @coliver said:

                          So if the user is liable for their own account why are you tracking IP addresses? You just said after you give them the information you are no longer responsible for how they access it.

                          I'd say tracking IPs is bad because there is nothing good that could come from storing that information.

                          Tracking IP's is not bad, but its not entirely reliable unless you make a reverse proxy connection.

                          I meant in a context of HIPAA data. As a HIPAA compliant facility, you want to avoid having any data that you are not required to have. Holding data equals holding liability.

                          1 Reply Last reply Reply Quote 0
                          • drewlanderD
                            drewlander @scottalanmiller
                            last edited by

                            @scottalanmiller said:

                            Things you cannot know:

                            • That the IP is from Japan
                            • That the person is not supposed to be in Japan

                            You know neither of these things. How do you want to react with misleading information that makes you assume one thing but doesn't mean that?

                            I geoblock in my firewall, so I assure you any IP assigned to Japan is not making a connection to me. Therefore it is possible to know if traffic is coming from Japan. Unless of course they are going through a proxy or something.

                            scottalanmillerS 1 Reply Last reply Reply Quote 0
                            • drewlanderD
                              drewlander @Dashrender
                              last edited by

                              @Dashrender said:
                              LOL, our current EHR company does ban access to their systems from most middle east and chinese based IPs. So yeah, they do deny you. Is it right? who am I to say?

                              If I was McDonald's fast food I would not Geoblock because I would be a multinational company. Athena Healthcare however... No one in Ukraine has any business making a connection so I dont see why they wouldnt block traffic from a foreign country.

                              scottalanmillerS 1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @drewlander
                                last edited by

                                @drewlander said:

                                I geoblock in my firewall, so I assure you any IP assigned to Japan is not making a connection to me. Therefore it is possible to know if traffic is coming from Japan. Unless of course they are going through a proxy or something.

                                There was another thread just today about how @Carnival-Boy's connection is showing him as France, but he is not. There is no reliable geo-location service for IPs today even when we don't VPN or proxy. As someone outside of the US, that stuff is wrong a lot of the time and people choose to appear as different countries intentionally all of the time.

                                Geo-location blocking is tough because it blocks the good guys and not the bad guys.

                                drewlanderD 1 Reply Last reply Reply Quote 0
                                • drewlanderD
                                  drewlander @Jason
                                  last edited by

                                  @Jason said:

                                  You have to do a lot of tracking to determine what is normal. IPs change. People move around a lot. People use Cellular devices. Heck the actual IP address for Celluar devices will often show different states.

                                  Good point. If a customer called me however and said they cannot access a document on a secure document exchange server from their mobile device, I would probably tell them to go to a computer. No one should be storing PHI on their cellphone.

                                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                                  • scottalanmillerS
                                    scottalanmiller @drewlander
                                    last edited by

                                    @drewlander said:

                                    @Dashrender said:
                                    LOL, our current EHR company does ban access to their systems from most middle east and chinese based IPs. So yeah, they do deny you. Is it right? who am I to say?

                                    If I was McDonald's fast food I would not Geoblock because I would be a multinational company. Athena Healthcare however... No one in Ukraine has any business making a connection so I dont see why they wouldnt block traffic from a foreign country.

                                    And that's where it's wrong. If I am an Athena healthcare customer and travel to the Ukraine and they block me getting access to my services they are likely breaking the law. The idea that people should be blocked from things that they have the right to access because our opinion of their location is that they should not be allowed to travel there is odd. Only in the US would the idea of blocking customers because they travel come up, it's so completely an American-only mindset.

                                    drewlanderD 1 Reply Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller @drewlander
                                      last edited by

                                      @drewlander said:

                                      @Jason said:

                                      You have to do a lot of tracking to determine what is normal. IPs change. People move around a lot. People use Cellular devices. Heck the actual IP address for Celluar devices will often show different states.

                                      Good point. If a customer called me however and said they cannot access a document on a secure document exchange server from their mobile device, I would probably tell them to go to a computer. No one should be storing PHI on their cellphone.

                                      Why is that? What if that is all that they have? Why would a medical facility get involved in determining the appropriateness of device types for customers? That seems fundamentally wrong. And what if one facility decides that only "Windows is okay" and the next that "only phones are okay" and the next says "Only Macs are secure."

                                      We are getting into IT wanting to be in charge of everything from where customers travel, which customers are given access and from what operating systems they are allowed to access their own data.

                                      drewlanderD 1 Reply Last reply Reply Quote 0
                                      • drewlanderD
                                        drewlander @scottalanmiller
                                        last edited by

                                        @scottalanmiller said:

                                        @drewlander said:

                                        I geoblock in my firewall, so I assure you any IP assigned to Japan is not making a connection to me. Therefore it is possible to know if traffic is coming from Japan. Unless of course they are going through a proxy or something.

                                        There was another thread just today about how @Carnival-Boy's connection is showing him as France, but he is not. There is no reliable geo-location service for IPs today even when we don't VPN or proxy. As someone outside of the US, that stuff is wrong a lot of the time and people choose to appear as different countries intentionally all of the time.

                                        Geo-location blocking is tough because it blocks the good guys and not the bad guys.

                                        It's "best effort", not an exact science of course. I download CIDR's and update every night through scripts. Chances are this would not happen often, but with IPv6 catching on I cannot say what a good long term solution would be.

                                        scottalanmillerS 1 Reply Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller
                                          last edited by

                                          If you are Athena, sure you might have a right to block where someone accesses from (and maybe you don't, discrimination laws may apply) but the most important thing is why would you care? It makes absolutely zero sense for a healthcare facility or insurance company to take on additional liability potentially legal liability and certainly customer relations liability for capriciously deciding what customers "should or should not be allowed to do."

                                          1 Reply Last reply Reply Quote 0
                                          • scottalanmillerS
                                            scottalanmiller @drewlander
                                            last edited by

                                            @drewlander said:

                                            @scottalanmiller said:

                                            @drewlander said:

                                            I geoblock in my firewall, so I assure you any IP assigned to Japan is not making a connection to me. Therefore it is possible to know if traffic is coming from Japan. Unless of course they are going through a proxy or something.

                                            There was another thread just today about how @Carnival-Boy's connection is showing him as France, but he is not. There is no reliable geo-location service for IPs today even when we don't VPN or proxy. As someone outside of the US, that stuff is wrong a lot of the time and people choose to appear as different countries intentionally all of the time.

                                            Geo-location blocking is tough because it blocks the good guys and not the bad guys.

                                            It's "best effort", not an exact science of course. I download CIDR's and update every night through scripts. Chances are this would not happen often, but with IPv6 catching on I cannot say what a good long term solution would be.

                                            Yes, but "best effort" involving blocking your users seems odd. Which customers do you want to false positive?

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 7
                                            • 8
                                            • 3 / 8
                                            • First post
                                              Last post