Re HIPAA compliant system design

["Dave Farber" <farber () gmail com>]

Begin forwarded message:

> From: Rich Kulawiec <rsk () gsp org>
> Date: March 25, 2018 at 5:29:01 AM EDT
> To: dave () farber net
> Subject: Re: [IP] HIPAA compliant system design
>
> (for IP, if you wish)
>
> I'm HIPAA-certified and have appreciable experience running an operation
> where it was in play (along with other regulatory measures and contractual
> obligations).
>
> It's a good start, but HIPAA is woefully outdated in a number of areas.
> To pick one of those, it doesn't consider the enormous progress made
> in re-identification.  See for example:
>
>    A Systematic Review of Re-Identification Attacks on Health Data
>    http://journals.plos.org/plosone/article?id=10.1371/journal.pone.0028071
>
> as well as the work done by folks like Arvand Narayanan and colleagues
> at Princeton:
>
>    De-anonymization is not X: The Need for Re-identification Science
>    https://33bits.wordpress.com/2009/10/14/de-anonymization-is-not-x-the-need-for-re-identification-science/
>
> Let me summarize this topic area: if someone points to a data set and says "this
> has been de-identified", they're probably wrong.  It turns out to be much harder
> than it looks, and the landscape is littered with failures.
>
> We're going to need a new regulatory framework that takes this and much more
> into account and includes mechanisms for vesting control over our data (and
> our metadata) in us.
>
> ---rsk



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20180325075745:B8CB9850-3023-11E8-B6A8-FB329E341493
Powered by Listbox: http://www.listbox.com