I think we're not getting through to them.

[margaretc.livejournal.com]

I was at my dentist's office yesterday, relaxing in the massage chair waiting for the dentist, when I heard the following conversation from down the hall.

Dental employee 1: Hey, what's the password for the patient program?
DE2: I think it's 'jennifer'.
DE1: Yeah, that's it!

When my dentist came back in I said to him "Tell them to quit yelling passwords down the hall to each other."

Dentist: Oh, were they?
me (gritting teeth): Yes.

Dentist goes away to get something else, and while he's gone I hear him say something to the employees.

DE1 & 2: Oh, did she hear us? *giggle*

me: *sigh*

I suppose it's useless even considering trying to get them to use complex passwords.

Comments

[falnfenix]

yeah, they keep that up and HIPAA is going to be up their asses. what they did is a MAJOR no-no.

[blossomingfire.livejournal.com]

Yes, pass go, collect $20,000.

[falnfenix]

ding.

[margaretc.livejournal.com]

Actually, dentists are barely concerned with HIPAA at all. Someone has to be harmed by the release of information and also prove that they were harmed in a demonstrable fashion by that release of information. There's not much harmful knowledge about people's teeth. It might be embarrassing for it to be generally known that you've got 3 false front teeth, but unless you can prove emotional or financial injury (like getting fired because of it), there's nothing actionable.

[falnfenix]

except, it's still illegal.

[ravenshrinkery.livejournal.com]

You're right, in that you personally cannot go after somebody for this breach. However, the government can even if no harm was caused to you. The reason for that is simple. If the standard was "do what you want so long as nobody got hurt" - the old standard, unenforced as it went, - nobody would do it. HIPPA is hugely expensive to enforce within an organization, quite possibly more so than the cost of litigating breaches of confidentiality and the like.

[mouser.livejournal.com]

You're lucky they even have passwords.

My doctor was amazed by one of his office workers last week when he found out you could get maps off the internet.

They didn't show him you could get directions as well. Didn't want to shock him...

[compwizrd.livejournal.com]

I was absolutely shocked when someone asked me to install Google Earth on their computer.. I was surprised just they knew what Google was...

[tragnon.livejournal.com]

Don't forget to invoice him for "Computer Security Consult"...

[jjjiii]

Hey! I'm sure that, once you get to really know Jennifer, you'll see that she is complex, not to mention deep.

[soruk.livejournal.com]

....and is anybody's for a fiver.

[natertots.livejournal.com]

that's.... frighteningly common.

[tsaiko.livejournal.com]

That reminds me of the time I was in a department store that had a random computer sitting in the middle of the clothing aisle. Taped onto the computer was a user name and password. Of course, being the kind of person I was, I immediately type in the user name and password.

Oh look! Inventory and sales information! Who knew this store did that much business in the month or sold that many Calvin Klein bedsets? If only i worked for a competitor...