Reply to post: Re: Lax US Security Rules????

Premera healthcare: US govt security audit gave hacked biz thumbs up

Eric Olson

Re: Lax US Security Rules????

HIPAA was updated with the ACA (I think) to extend the same protections on physical data to electronic health records. How each company implements those requirements, or whether it has decided that a claim filed through a provider portal should have the same level of security as one sent via fax, probably varies much more than necessary. To me, it's logical that an electronic claim is protected the same way a paper claim is, especially since even before electronic claims became a thing, those paper claims were often entered into some green-text "UI" that used keystrokes and function keys to navigate (I noticed those still existed in 2014).

The reality is that the OPM's audit was likely more concerned with the protection of the federal employees than with the overall security of the system. And as many federal contracts demand security in excess of the legal requirements, companies often maintain separate datastores, user tables, and even applications to deal with those requirements. On the other side, non-governmental clients worry about things like whether the company logo is scaling properly, whether the exact color hex codes are used for the portal, and whether their employees are being served an HR-approved message on some tertiary screen that is only accessed during 0.1% of all portal sessions (likely the HR bod worried about the messaging).

