
Why Privacy Laws Are Making Our Information Less Secure

This is one of those articles where I fear what I write will be read by a lot of people with preconceived notions of what I’m saying and who will therefore misunderstand the point I’m making. To be clear, I’m not arguing for or against privacy laws; I’m simply pointing out an effect that they are having in the real world. I think this is an issue unknown to most, and its potential severity is ignored by those who should know better. I’m going to use HIPAA as an example because it’s the one I’m most familiar with and have actually worked with. This issue is affecting all industries, though, as companies fearing violations or potential lawsuits over information leaks push that liability to a growing industry of third parties.

Let’s say you run a medical facility. You have a few options. You can bury your head in the sand and ignore HIPAA regulations. You can try your best to figure things out on your own, something that no office really has the time for. You can hire someone who has been trained and certified to take care of it. Or finally, and this is the preferred option, you can pay a cloud offsite secure hosting service to take over all your data. This is by far the most popular choice industry-wide.
Everyone in your company simply launches a web browser, logs into a web site and takes care of all your data entry and forms online. Sounds amazing, right? Everything is taken care of. All the liability is now on someone else’s shoulders. All the HIPAA-required secure offsite backups are taken care of. All the patient records are secure, well, hopefully secure, ehh, who cares if there is a breach, you are no longer liable. It’s great: you pay a reasonable fee, you are now compliant, you no longer even need a server, all you need is a computer that can get on the internet. What an amazing solution. These HIPAA-compliant cloud solutions are already a four billion dollar industry and they have just started to grow.

What an amazing solution for the increasing number of corporate doctors’ offices; not so amazing for the patients, in my opinion.

What we have done is create giant, juicy targets. We have created huge server farms full of every important piece of data you can have on a person: name, date of birth, family history, in many cases work history…
Think of the endless amount of data that is sitting in a file that your doctor has now placed “securely” online.
Sure, we would like to think all this data is secure. I mean, it should be relatively simple to make it very, very secure. But as we have seen with the now endless stream of credit card terminal breaches, and the recent Chase breach where servers company-wide were hacked and gigabytes of personal data were stolen, companies who should know better are terrible, lazy, and, I’m sure, in many cases intentionally neglectful of security. We know there are endless numbers of companies that have a take-the-money-and-run approach to business. Ehh, by the time they catch us we will have made so much the fines won’t matter.

So who are these third-party companies that are securing our data? Who is watching them? How many breaches have there been already that we don’t know about?