|
It's funny, because you seem to think that health care professionals, with their myriad Excel spreadsheets and mammoth stacks of SteelcaseĀ® file cabinets brimming with rainbow color-coordinated folders containing paper files seem to know the first thing about information security. These are non-technical people, who went to school mostly for biology and chemistry, or for the lowly clerks, and secretaries in your doctor's office, maybe two years of community college, with an associates degree in communications maybe. On average, take a random sample of the people who do the paper work for the lofty, priest-like physicians. Ask them what AES is, or what a SHA hash is, or even what SSL and TLS are. I guarantee you, that you'll get a blank stare. They know how to use the systems they're provided with, like they know how to open a bag of Oreo cookies. The doctors know how to pay IT professionals for services, like they know how to write a check, and know to procure electronic systems like they know how to make down payments on their Mercedes. You can be sure that they know how to shred all those e-mails that they print out and read over their morning coffee. It's only as private insofar as no one is supposed to look. This protects people under the law, in that, as a rule, certain information is not to be used as criteria for making certain business decisions. But this is merely a bureaucratic honor system, and it doesn't mean that people aren't aware of things they aren't supposed to know about. The information itself, frequently, isn't particularly "secure" according to more strenuous information security standards. Your credit card transactions are safer than your HIPAA information by a longshot, but mostly because there really isn't any sort of criminal profit motive behind obtaining and using that sort of information. |