Hacker News
by mertcelebi 3607 days ago
Hi ams6110 - we also use Aptible! It is definitely true that the old, fax-based system is not so prone to mass data breaches. That is one of the reasons why hospitals still use fax to transfer medical information.

But, at PatientBank, security and privacy of our patients are our top priorities. So, we go above and beyond what HIPAA recommends in terms of security best practices. You can read more about that here: https://www.patientbank.us/legal/hipaa

1 comments

The concern, I think, is that all the leaf nodes outside of your direct control also need to be secure. All the nurses, doctors, and other caregivers with access to the system need to be prevented from exposing that data. Is it possible for that data to end up on a USB drive? A laptop? Sent in plaintext anywhere? etc.

The protection needs to be automatic. Training people is a "good intentions" solution, and will always result in failures. It should be mechanically impossible for the data to escape in a way you do not approve of.

This data is worth too much to be fully secure ever imho.

And it's not like it expires. You can change your credit card number, you can change all your leaked passwords, but you can't change your past. Once it's breached it's out there until the end of tech.