Interesting People mailing list archives
more on Med record privacy and offshore workers..
From: Dave Farber <dave () farber net>
Date: Sun, 26 Oct 2003 05:07:21 -0400
From: Peter Swire <peter () peterswire net> Dave: The story shows the risks of sub-contracting in any industry -- the company loses some control over how its work is done. There's nothing special here about medical privacy. A different out-sourcer might have access to the passwords or encryption keys of people in the company and try blackmail that way. Under the HIPAA privacy rules, the University hospital is required to have a "business associate contract" with these out-sourcers. There are various enforcement terms built into the contract, including canceling the contract for violations known by the hospital. Some people have criticized these contracts as needless paperwork and burden on the health system. The story to me suggests the contracts may be appropriate -- they have set a standard of good practice in the industry, and there are sanctions on an overseas company that violates the contract. The main sanction, in practice, is loss of the hospital's business. Peter Prof. Peter P. Swire Moritz College of Law of the Ohio State University Consultant, Morrison & Foerster LLP Formerly, Chief Counselor for Privacy in the U.S. Office of Management and Budget(240) 994-4142, www.peterswire.net
------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on Med record privacy and offshore workers.. Dave Farber (Oct 26)