

Are medical records private? - specialist

Somewhat rhetorical: Is the NSA or other government agency also slurping up our medical records?

I'm now out of the loop. This is a question I'm hoping someone is asking.

Back when I implemented health information exchanges, we often had live data feeds to the CDC. Which is a great idea. True, patient data is de-identified. But that's meaningless if you have enough data to mine.

Data feeds between participants were typically SCP or VPN. But I have no idea how much protection that offers. Having worked with hospitals, I suspect the endpoints are the weak links.

Sitting here listening to a presentation on the Affordable Care Act and all the reforms, including the new patient protections, I'm reminded to wonder what level of surveillance is being done.
======
iends
In my research for my master's degree we found that the security of EHR systems
was terrible (systems had XSS, SQL injection...pretty much the SANS top 25
most dangerous errors). In talking with a very large vendor (about 2 years ago
now) we found that they were just starting to think about security issues, but
were years behind best practices. (For more info
[http://andrew-austin.com/publications](http://andrew-austin.com/publications)).

With the push towards health information exchanges and interoperability, I
imagine systems are indeed wide open, not just to government agencies, but
also random people walking through your hospital.

