I believe the correct answer is more litigious than technical. Obviously this sounds like an area that is compromised, but maybe not... depending on your internal analysis. There are lots of questions here regarding WEB applications and security as a general question, but I think it would be little effort to place application time-outs in your code to eliminate "look over the shoulder breaches".
But then again, these are patients looking at their own data on their own computer systems, mostly in their own homes? Probably you could make a case and say there is little to no risk of information leakage.
I think maybe you would want application time-outs in your application above and beyond the security issue. From an application/server perspective I would want those accounts off my server as soon as possible.
Greg Park
Product Manager
DB Technology Inc.
Office: 800-760-4096 x117
Cell: 484-919-0392
PA Office: 610-397-0288
www.dbtech.com
-----Original Message-----
From: Hipaa Learner [mailto:[EMAIL PROTECTED]
Sent: Friday, March 14, 2003 8:08 PM
To: WEDI SNIP Privacy Workgroup List
Subject: Displaying Data in web browser. Indefinitely.
We developed a web-based application wherein patient data gets displayed in the end user's browser. A user ID is required to log in to the web site, and it uses HTTPS to log in. My question is: someone logs in, views the data, and walks away from the computer. Since he has not logged out from our website, patient-sensitive data is still displayed on his computer. Is it a violation of the HIPAA security rule? Thanks for your suggestion.
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.
You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
