ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Local Encryption ... Why Not?

    IT Discussion
    15
    357
    173.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • BRRABillB
      BRRABill @scottalanmiller
      last edited by

      @scottalanmiller said:

      We are talking about an employee who has legitimate access to data to do their job and decides to take that data out of your systems and steal it. There is no technical means of preventing this, this is data that the end user was allowed to have and decided to steal. There is nothing to investigate except for the end user.

      It is YOUR data that was used improperly. It is a breach and has to be reported.

      If YOU did everything you were supposed to, you will be fine.

      But it is still a loss of your data.

      scottalanmillerS 1 Reply Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller @BRRABill
        last edited by

        @BRRABill said:

        @scottalanmiller said:

        That's possibly true. Although I know from this past week of nurses violating HIPAA left and right telling patients in facilities about other patients in the same facility.

        In 2015 that is just ridiculous.

        I've seen just about zero change of behaviour in medical professionals after HIPAA. Data is just disclosed left and right.

        I wonder if you have to disclose breaches when you have nurses who just openly talk about patients. Do they classify that as just one breach at a time so tons and tons of one record breaches? Or is that one nurse (and it was many) accountable for the cumulative exposure of more than 500 over time? How close in chronological time do exposures have to be to be constituted a breach?

        1 Reply Last reply Reply Quote 1
        • scottalanmillerS
          scottalanmiller @BRRABill
          last edited by

          @BRRABill said:

          @scottalanmiller said:

          We are talking about an employee who has legitimate access to data to do their job and decides to take that data out of your systems and steal it. There is no technical means of preventing this, this is data that the end user was allowed to have and decided to steal. There is nothing to investigate except for the end user.

          It is YOUR data that was used improperly. It is a breach and has to be reported.

          If YOU did everything you were supposed to, you will be fine.

          But it is still a loss of your data.

          Sure, has to be reported. Has to be investigated. No question there. Just saying, if the breach happened outside of the IT systems IT doesn't even need to be investigated as the data was outside of controls when it happened.

          1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller
            last edited by

            I know that just last year Baylor hospital system was using HIPAA violations to pull medical records to use in attempts to extort money from family members of patients in Texas.

            BRRABillB 1 Reply Last reply Reply Quote 0
            • BRRABillB
              BRRABill @scottalanmiller
              last edited by

              @scottalanmiller said:

              I know that just last year Baylor hospital system was using HIPAA violations to pull medical records to use in attempts to extort money from family members of patients in Texas.

              I mean, that is the reasoning behind it.

              Or to prevent a corporation from mining the patient data for profit.

              The joke it has evolved into is ridiculous.

              scottalanmillerS 1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller @BRRABill
                last edited by

                @BRRABill said:

                @scottalanmiller said:

                I know that just last year Baylor hospital system was using HIPAA violations to pull medical records to use in attempts to extort money from family members of patients in Texas.

                I mean, that is the reasoning behind it.

                Or to prevent a corporation from mining the patient data for profit.

                The joke it has evolved into is ridiculous.

                Yup, and mining for profit is what they were doing there. And because there isn't public, mass breach but just individuals being extorted there is no way to get HIPAA involved by the public who are being extorted.

                1 Reply Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller
                  last edited by

                  This thread shot to the top of the most popular charts pretty quickly!

                  BRRABillB 1 Reply Last reply Reply Quote 1
                  • BRRABillB
                    BRRABill @scottalanmiller
                    last edited by

                    @scottalanmiller said:

                    This thread shot to the top of the most popular charts pretty quickly!

                    And it's not even really done yet.

                    Though to be fair, it kind of delved out into the HIPAA landscape, which was inevitable but not necessarily desirable.

                    1 Reply Last reply Reply Quote 1
                    • scottalanmillerS
                      scottalanmiller
                      last edited by

                      Yes, the original question was more generic. HIPAA has much better reasons to look at general encryption.

                      1 Reply Last reply Reply Quote 0
                      • dafyreD
                        dafyre
                        last edited by

                        Most topics here tend to branch out... sometimes not too far out (like this one)... and other times, they branch out into left field in somebody else's baseball park, lol.

                        scottalanmillerS 1 Reply Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller @dafyre
                          last edited by

                          @dafyre said:

                          Most topics tend to branch out...

                          FTFY. It is the nature of conversations. Go to the diner with friends, sit around having coffee for a few hours and a topic that starts things, like the weather or the nature of freedom or do we really exists at all will lead from one topic into another and take tangents and sometimes return and sometimes not. Conversations naturally go in all different directions.

                          That it happens here too is both just organic and it is an intrinsic nature of a community and discussion forum rather than being a Q&A forum a la StackOverflow.

                          BRRABillB 1 Reply Last reply Reply Quote 1
                          • BRRABillB
                            BRRABill @scottalanmiller
                            last edited by

                            @scottalanmiller said:

                            FTFY. It is the nature of conversations. Go to the diner with friends, sit around having coffee for a few hours and a topic that starts things, like the weather or the nature of freedom or do we really exists at all will lead from one topic into another and take tangents and sometimes return and sometimes not. Conversations naturally go in all different directions.

                            That it happens here too is both just organic and it is an intrinsic nature of a community and discussion forum rather than being a Q&A forum a la StackOverflow.

                            Are you purposely trying to branch this out into a THIRD discussion? 😉

                            1 Reply Last reply Reply Quote 1
                            • scottalanmillerS
                              scottalanmiller
                              last edited by

                              It just happens organically.

                              1 Reply Last reply Reply Quote 1
                              • BRRABillB
                                BRRABill
                                last edited by

                                @scottalanmiller

                                So bringing this offshoot back here.

                                I think I now understand you are talking about, if it makes sense, to store all the data in the cloud, and work on none of it locally.

                                However, is there is a need to produce something locally, it might be needed to bring it down, and hence you would need to secure it in whatever way deemed necessary.

                                For example, doing a postal mailing from a list of PHI from a medical client.

                                dafyreD scottalanmillerS 2 Replies Last reply Reply Quote 0
                                • dafyreD
                                  dafyre @BRRABill
                                  last edited by

                                  @BRRABill said:

                                  @scottalanmiller

                                  So bringing this offshoot back here.

                                  I think I now understand you are talking about, if it makes sense, to store all the data in the cloud, and work on none of it locally.

                                  However, is there is a need to produce something locally, it might be needed to bring it down, and hence you would need to secure it in whatever way deemed necessary.

                                  Right. And then upload it back to your non-local storage after you have finished working with it.

                                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                                  • scottalanmillerS
                                    scottalanmiller @BRRABill
                                    last edited by

                                    @BRRABill said:

                                    @scottalanmiller

                                    So bringing this offshoot back here.

                                    I think I now understand you are talking about, if it makes sense, to store all the data in the cloud, and work on none of it locally.

                                    However, is there is a need to produce something locally, it might be needed to bring it down, and hence you would need to secure it in whatever way deemed necessary.

                                    For example, doing a postal mailing from a list of PHI from a medical client.

                                    Any reason that you would want to do the printing with data locally on the end client rather than directly from the SaaS application?

                                    1 Reply Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller
                                      last edited by

                                      If you are using the online version of MS Office, you don't need to pull data down locally to print. So if you were to send me an Excel spreadsheet to print, it would open directly from OWA to Hosted Excel. Then when I tell it to print, it would do it from there. No need for local data for that kind of task, for example.

                                      BRRABillB 1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller @dafyre
                                        last edited by

                                        @dafyre said:

                                        @BRRABill said:

                                        @scottalanmiller

                                        So bringing this offshoot back here.

                                        I think I now understand you are talking about, if it makes sense, to store all the data in the cloud, and work on none of it locally.

                                        However, is there is a need to produce something locally, it might be needed to bring it down, and hence you would need to secure it in whatever way deemed necessary.

                                        Right. And then upload it back to your non-local storage after you have finished working with it.

                                        Yup. Hard to come up with real world cases where this would be necessary, though. You have to come up with stuff like "local video editing" where you are using a laptop instead of a workstation and can't do it on a hosted SaaS application. These cases exist, but they are very rare and specialty today.

                                        1 Reply Last reply Reply Quote 0
                                        • BRRABillB
                                          BRRABill @scottalanmiller
                                          last edited by

                                          @scottalanmiller said:

                                          If you are using the online version of MS Office, you don't need to pull data down locally to print. So if you were to send me an Excel spreadsheet to print, it would open directly from OWA to Hosted Excel. Then when I tell it to print, it would do it from there. No need for local data for that kind of task, for example.

                                          When I did that, it made a PDF to download.

                                          Now, granted, this was the free version of Word, and on a Mac.

                                          So perhaps it would work as you say with the full version.

                                          DashrenderD scottalanmillerS 2 Replies Last reply Reply Quote 0
                                          • DashrenderD
                                            Dashrender @BRRABill
                                            last edited by

                                            @BRRABill said:

                                            @scottalanmiller said:

                                            If you are using the online version of MS Office, you don't need to pull data down locally to print. So if you were to send me an Excel spreadsheet to print, it would open directly from OWA to Hosted Excel. Then when I tell it to print, it would do it from there. No need for local data for that kind of task, for example.

                                            When I did that, it made a PDF to download.

                                            Now, granted, this was the free version of Word, and on a Mac.

                                            So perhaps it would work as you say with the full version.

                                            What do you mean? you choose the option to print and it didn't print, instead it offered you a PDF?

                                            BRRABillB 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 17
                                            • 18
                                            • 2 / 18
                                            • First post
                                              Last post