Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Software - Troubleshooting and Discussion > Mac OS X > Mavericks and privacy/HIPPA

Mavericks and privacy/HIPPA
Thread Tools
Mac Elite
Join Date: Oct 1999
Location: Walnut Creek, California
Status: Offline
Reply With Quote
Oct 28, 2013, 05:49 PM
 
Does anyone know if there have been any reported privacy concerns with using Mavericks and iCloud? I work in the mental health field, and my company in the past has avoided using Google Drive because they can't guarantee HIPPA compliance.

I haven't updated OS X since Snow Leopard, but I am once again interested (with the price of Mavericks and all ). From what I understand, Lion and up keeps backup copies of documents, even if they have been deleted. This sounds like a privacy risk to me, and when dealing with patient's confidential information I want to be extra careful (We are not even allowed to send client information over email and through text message because the information sits on other people's servers).

Thanks in advance for anyone who can help me out.

"Sing it again, rookie beyach."
My website
     
Moderator
Join Date: May 2001
Location: Hilbert space
Status: Offline
Reply With Quote
Oct 28, 2013, 06:55 PM
 
Originally Posted by Miniryu View Post
Does anyone know if there have been any reported privacy concerns with using Mavericks and iCloud? I work in the mental health field, and my company in the past has avoided using Google Drive because they can't guarantee HIPPA compliance.

I haven't updated OS X since Snow Leopard, but I am once again interested (with the price of Mavericks and all ). From what I understand, Lion and up keeps backup copies of documents, even if they have been deleted. This sounds like a privacy risk to me, and when dealing with patient's confidential information I want to be extra careful (We are not even allowed to send client information over email and through text message because the information sits on other people's servers).
There are a few options for you to maintain backups.
(1) External hard drives require the same care as (paper) files: you need to lock them securely, but you definitely, definitely should keep backups -- preferably 2.
(2) Some internet backup services (e. g. Crashplan or Carbonite) offer HIPAA-compliant options, and I can highly recommend these Ā»fire and forgetĀ« solutions. I personally use Crashplan.
(3) There are software solutions which encrypt everything on your machine, for instance you can use a Software such as xTwin and Amazon S3 on the back end. This way, only encrypted data lies on the Amazon servers. However, I don't know whether this solution is certified.
(4) Purchase a Transporter: this is not a backup solution, but just a solution that allows you to sync and access data everywhere. Basically, it's a private Dropbox, but the hard drive(s) stay fully under your control. If you want to stop access to the data, you just pull the plugs to your transporters. All the file transfers are encrypted, and it works rather transparently. I have recently bought one and it's more than fast enough for smaller files or things like videos.
I don't suffer from insanity, I enjoy every minute of it.
     
Miniryu  (op)
Mac Elite
Join Date: Oct 1999
Location: Walnut Creek, California
Status: Offline
Reply With Quote
Oct 29, 2013, 04:37 AM
 
Awesome! Thanks for the tips- particularly the Crashplan and Carbonite recommendations!

"Sing it again, rookie beyach."
My website
     
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Oct 29, 2013, 09:19 PM
 
For portability, I use a Lok-It USB drive. The device is hardware encrypted, and isn't even recognized as a USB device at all unless it's been unlocked.

For general purpose security of patient data, look at the whole-disk encryption products. My medical school requires ALL computers, whether they're "supposed to be" used with patient data or not, to be set up with whole-disk encryption, and that's a great idea; too many opportunities for a computer to go missing, along with 15,000 patient records...

Your first concern should be HIPAA security of live data on your computer, with back up and archiving being a distant second. Losing control of a patient record can get you fined and even jailed, while simply "losing" a record you can't recover is merely a pain. If you can find a back up strategy that does both, you're set.

Glenn -----OTR/L, MOT, Tx
     
Moderator
Join Date: May 2001
Location: Hilbert space
Status: Offline
Reply With Quote
Oct 30, 2013, 09:39 AM
 
Glenn raises an excellent point: perhaps you should activate FileFault, that's the name of Apple's disk encryption which is included (for free) in the OS. If you google it and find horror stories, those almost surely pertain to the old version which created an encrypted disk image. The new version of FileVault which has been included since 10.7 uses a modern design and doesn't come with the caveats.
I don't suffer from insanity, I enjoy every minute of it.
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Status: Offline
Reply With Quote
Oct 30, 2013, 12:49 PM
 
Originally Posted by OreoCookie View Post
Glenn raises an excellent point: perhaps you should activate FileFault
Freudian slip?

The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
     
Moderator
Join Date: May 2001
Location: Hilbert space
Status: Offline
Reply With Quote
Oct 30, 2013, 01:59 PM
 
Hahaha, good catch.
I don't suffer from insanity, I enjoy every minute of it.
     
Miniryu  (op)
Mac Elite
Join Date: Oct 1999
Location: Walnut Creek, California
Status: Offline
Reply With Quote
Nov 24, 2013, 05:10 PM
 
Originally Posted by ghporter View Post
Your first concern should be HIPAA security of live data on your computer, with back up and archiving being a distant second. Losing control of a patient record can get you fined and even jailed, while simply "losing" a record you can't recover is merely a pain. If you can find a back up strategy that does both, you're set.
Maybe I wasn't clear. My concern wasn't with localized data, it was over Apple's move to sync and back up everything over the cloud. I just wanted to make sure that a record of client files weren't being backed-up and stored in iCloud somewhere (the way that photos and music are).

"Sing it again, rookie beyach."
My website
     
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status: Offline
Reply With Quote
Nov 24, 2013, 05:27 PM
 
Photos and music aren't, unless this is expressly enabled.
     
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status: Offline
Reply With Quote
Nov 24, 2013, 09:44 PM
 
Another vote for CrashPlan. I've found it far superior to Carbonite. Backup of network volumes is included, and they let you cancel long-term contracts without penalty. At least, they used to. It's been awhile since I've needed to nuke an account, so it may have changed.

They have the external appearance (which is all you can really judge without using audited, open-source software) of doing proper security. If you use the highest level of security they require you to get through multiple dialogs warning you are totally SOL if you lose your encryption key. IOW, they claim not to have a copy.

The one downside to CrashPlan is it needs Java.
     
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Nov 25, 2013, 06:28 AM
 
So your real question is whether or not specific data is backed up in the cloud, and/or how you might control that, is that right? If that's it, then you can simply go into your iCloud settings in System Preferences and disable iCloud Sync of Documents and Data. These settings are available on all devices that can connect to iCloud, so you can also set your iPad and iPhone to keep you local data local.

Glenn -----OTR/L, MOT, Tx
     
Mac Elite
Join Date: Jan 2003
Location: San Diego
Status: Offline
Reply With Quote
Nov 26, 2013, 12:48 AM
 
Apple also has a MDM feature built in to OSX server that you could enroll iOS and Mac devices in and centrally prohibit staff from accidentally or deliberately using iCloud.
     
   
Thread Tools
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Top
Privacy Policy
All times are GMT -4. The time now is 08:25 PM.
All contents of these forums © 1995-2015 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2015, Jelsoft Enterprises Ltd., Content Relevant URLs by vBSEO 3.3.2