I hope they get the full fines
HeyJoe@lemmy.world 1 year ago
Found the info I was looking for in the article. The documents did not appear to be stored with any kind of encryption… so yeah this was terrible it happened, but it happened partially due to not spending enough on IT resources to guide them on proper practices for handling documents with confidential information and violated HIPAA. As someone who works in the field all patient information must be encrypted at rest or another form of encryption on the data must exist for it to fall within compliance. On top of this only the bare minimum amount of people should have access to this data and absolutely should have audit logs for anyone accessing the data normally through the 3rd party application used to store and lookup the information.
alienzx@feddit.nl 1 year ago
Treczoks@lemmy.world 1 year ago
Not that the audit logs would help anyone except listing "these files were copied by on ".
HeyJoe@lemmy.world 1 year ago
I was more referencing the application that they, hopefully, use to store their documents. I really hope they are not just stored in a directory, but I guess who knows… some of the applications I have used reference everything in audit logs from when it was uploaded, to who and when it is viewed, any changes, and more. Without the application the data is encrypted at rest so the files are useless without using the application to open them. We have others that are stored within an encrypted database or use blob storage thats encrypted. Anything, but never plain old windows for storage!