Question
What is the name of your state? Wyoming
I know my boss is violating hospital policy but I want to make sure they are violating HYPAA laws. I started to work there 2 months ago and I found a vulnerability in the medical software we use. I told my boss and they contacted the software provider. A week goes by and I ask them what is going on. They told them it is a known problem and it should be fixed on the next update. My boss told me _not to tell anyone because it may be a year till it is fixed_. The vulnerability is that anyone at a computer can access PMI with no authentication of any kind. Also anyone can bring in a computer and access PMI.
Also what about the company?
Answer
What is the name of your state? Wyoming
I know my boss is violating hospital policy but I want to make sure they are violating HYPAA laws. I started to work there 2 months ago and I found a vulnerability in the medical software we use. I told my boss and they contacted the software provider. A week goes by and I ask them what is going on. They told them it is a known problem and it should be fixed on the next update. My boss told me _not to tell anyone because it may be a year till it is fixed_. The vulnerability is that anyone at a computer can access PMI with no authentication of any kind. Also anyone can bring in a computer and access PMI.
Also what about the company?
Was there a legal question in there hidden someplace?
Answer
Is this a HIPAA violation and how (if any) liable is the company?
Answer
Is this a HIPAA violation and how (if any) liable is the company?
how the heck should a stranger on the internet who has not accessed the system to view the files available know? And the answer to the second question is dependent upon the answer to the first.
Answer
I may be repeating myself but it’s just to clarify. A person sitting at a computer (one already on the system or someone that brought one in) can access PHI by not using the software or needing to login to the hospitals network. A very simple scan from a 13 year old could find this vulnerability. And with 2 clicks see in straight text PHI.
Answer
[/quote Originally Posted by DCOLE View Post]
I may be repeating myself but it’s just to clarify. A person sitting at a computer (one already on the system or someone that brought one in) can access PHI by not using the software or needing to login to the hospitals network. A very simple scan from a 13 year old could find this vulnerability. And with 2 clicks see in straight text PHI.[/quote]
o.k. let's simplify this. Do you even know what constitutes a HIPAA violations (i.e., what specific information is required for there to be a HIPAA violation, including the circumstances for such?)
The mere fact that anyone can access a computer system is NOT a hipaa violation.
Answer
Sorry I will use PHI (protected health information) instead of PMI.
Answer
Did you get that HIPAA 101 for ya?
Answer
looks like you did.
Would anyone else like to give me advice or do I have to sit a listen to a “internet lawyer want-to-be”?
Answer
looks like you did.
Would anyone else like to give me advice or do I have to sit a listen to a “internet lawyer want-to-be”?
why is it so difficult for you to answer a specific question?
Answer
What question are you talking about!!!
Protected Health Information can be seen by more then should!
I am not here for a "chat session". I want advice
Answer
o.k. let's simplify this. Do you even know what constitutes a HIPAA violations (i.e., what specific information is required for there to be a HIPAA violation, including the circumstances for such?).
Does that look familiar?
Answer
I don’t know what you are talking about but all I want is advice. I must be missing something but I would rather hear from someone else.
If you “breeze” wants to really help me please talk to me like an adult and not a 13 year old “I am on the internet way to much" kid.
Answer
I don’t know what you are talking about but all I want is advice. I must be missing something but I would rather hear from someone else.
If you “breeze” wants to really help me please talk to me like an adult and not a 13 year old “I am on the internet way to much" kid.
O.K. child. Here it is in Pig latin.
What are your qualifications to determine a HIPAA violation? because nothing in your post even remotely points to one.
Answer
Pig latin… what the f
So what you are saying is that a non-authorized person can look at PHI at anytime and it is not a HIPAA violation?