Hi Rusty,
Tyrus Maynard wrote:
> Could you elaborate on the pitfalls of using a
> "consumer" product and is that due to default
> configuration or inherent hardware that cannot
> be configured as necessary or provide some
> version or standard of service?
Depending on *which* consumer product we're talking about,
it could be either or both. Computer security is a subject for experts
today. I am not an expert in this field, but have friends who are. I
can't even follow a conversation ;-) It's easy to get your feet wet
though. Do a Google on "wireless network vulnerabilities" to get
started. You will probably, as I did, quickly come to the conclusion that
this is a non-trivial topic for EHR systems.
> Are your references describing what is missing
> in specific consumer wireless hubs, with specific
> anecdotes of a HIPAA infraction?
If you read the Security Rule ( http://www.cms.hhs.gov/hipaa/hipaa2/regulations/security/default.asp ) you'll see that the government has declined to provide
specifics that would keep either a healthcare provider or an IT provider to them
"safe." Here's what CFR 45 says.
Section 1173(d) of the Act provides that covered
entities that maintain or transmit health information are required to maintain
reasonable and appropriate administrative, physical, and technical safeguards to
ensure the integrity and confidentiality of the information and to protect
against any reasonably anticipated threats or hazards to the security or
integrity of the information and unauthorized use or disclosure of the
information.
"Reasonable and appropriate" are the words to key
on. Computer security is an evolving field and so the accepted definitions
of these words will also evolve. There are a whole slew of questions
I would want, as a consultant / contractor, to be ready to answer to
defend the choice of a consumer, rather than an industrial grade, product in
this highly sensitive area.
> This seems ominous and worthy of details on
> this thread
I agree wholeheartedly.
Best regards,
Bill
