Mavericks and privacy/HIPAA
Mac Elite
Join Date: Oct 1999
Location: Walnut Creek, California
Does anyone know if there have been any reported privacy concerns with using Mavericks and iCloud? I work in the mental health field, and my company in the past has avoided using Google Drive because they can't guarantee HIPAA compliance.
I haven't updated OS X since Snow Leopard, but I am once again interested (with the price of Mavericks and all). From what I understand, Lion and up keeps backup copies of documents, even if they have been deleted. This sounds like a privacy risk to me, and when dealing with patients' confidential information I want to be extra careful (We are not even allowed to send client information over email and through text message because the information sits on other people's servers).
Thanks in advance for anyone who can help me out.
Moderator
Join Date: May 2001
Location: Hilbert space
Originally Posted by Miniryu
Does anyone know if there have been any reported privacy concerns with using Mavericks and iCloud? I work in the mental health field, and my company in the past has avoided using Google Drive because they can't guarantee HIPAA compliance.
I haven't updated OS X since Snow Leopard, but I am once again interested (with the price of Mavericks and all). From what I understand, Lion and up keeps backup copies of documents, even if they have been deleted. This sounds like a privacy risk to me, and when dealing with patients' confidential information I want to be extra careful (We are not even allowed to send client information over email and through text message because the information sits on other people's servers).
There are a few options for you to maintain backups.
(1) External hard drives require the same care as (paper) files: you need to lock them securely, but you definitely, definitely should keep backups -- preferably 2.
(2) Some internet backup services (e.g. Crashplan or Carbonite) offer HIPAA-compliant options, and I can highly recommend these »fire and forget« solutions. I personally use Crashplan.
(3) There are software solutions which encrypt everything on your machine, for instance you can use software such as xTwin and Amazon S3 on the back end. This way, only encrypted data lies on the Amazon servers. However, I don't know whether this solution is certified.
(4) Purchase a Transporter: this is not a backup solution, but just a solution that allows you to sync and access data everywhere. Basically, it's a private Dropbox, but the hard drive(s) stay fully under your control. If you want to stop access to the data, you just pull the plugs to your transporters. All the file transfers are encrypted, and it works rather transparently. I have recently bought one and it's more than fast enough for smaller files or things like videos.
I don't suffer from insanity, I enjoy every minute of it.
Mac Elite
Join Date: Oct 1999
Location: Walnut Creek, California
Awesome! Thanks for the tips, particularly the Crashplan and Carbonite recommendations!
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
For portability, I use a Lok-It USB drive. The device is hardware encrypted, and isn't even recognized as a USB device at all unless it's been unlocked.
For general purpose security of patient data, look at the whole-disk encryption products. My medical school requires ALL computers, whether they're "supposed to be" used with patient data or not, to be set up with whole-disk encryption, and that's a great idea; too many opportunities for a computer to go missing, along with 15,000 patient records...
Your first concern should be HIPAA security of live data on your computer, with backup and archiving being a distant second. Losing control of a patient record can get you fined and even jailed, while simply "losing" a record you can't recover is merely a pain. If you can find a backup strategy that does both, you're set.
Glenn -----OTR/L, MOT, Tx
Moderator
Join Date: May 2001
Location: Hilbert space
Glenn raises an excellent point: perhaps you should activate FileFault, that's the name of Apple's disk encryption which is included (for free) in the OS. If you google it and find horror stories, those almost surely pertain to the old version which created an encrypted disk image. The new version of FileVault which has been included since 10.7 uses a modern design and doesn't come with the caveats.
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Originally Posted by OreoCookie
Glenn raises an excellent point: perhaps you should activate FileFault
Freudian slip?
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
Mac Elite
Join Date: Oct 1999
Location: Walnut Creek, California
Originally Posted by ghporter
Your first concern should be HIPAA security of live data on your computer, with backup and archiving being a distant second. Losing control of a patient record can get you fined and even jailed, while simply "losing" a record you can't recover is merely a pain. If you can find a backup strategy that does both, you're set.
Maybe I wasn't clear. My concern wasn't with localized data, it was over Apple's move to sync and back up everything over the cloud. I just wanted to make sure that a record of client files wasn't being backed up and stored in iCloud somewhere (the way that photos and music are).
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Photos and music aren't, unless this is expressly enabled.
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Another vote for CrashPlan. I've found it far superior to Carbonite. Backup of network volumes is included, and they let you cancel long-term contracts without penalty. At least, they used to. It's been a while since I've needed to nuke an account, so it may have changed.
They have the external appearance (which is all you can really judge without using audited, open-source software) of doing proper security. If you use the highest level of security they require you to get through multiple dialogs warning you are totally SOL if you lose your encryption key. IOW, they claim not to have a copy.
The one downside to CrashPlan is it needs Java.
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
So your real question is whether or not specific data is backed up in the cloud, and/or how you might control that, is that right? If that's it, then you can simply go into your iCloud settings in System Preferences and disable iCloud Sync of Documents and Data. These settings are available on all devices that can connect to iCloud, so you can also set your iPad and iPhone to keep your local data local.
Glenn -----OTR/L, MOT, Tx
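One way to confirm that nothing is staged for Documents & Data sync after changing the setting described above, as an added example that is not part of the original thread. It assumes iCloud keeps its local document copies under ~/Library/Mobile Documents with one sub-folder per app; the function name icloud_audit is hypothetical.

```shell
#!/bin/sh
# Added example: count files that iCloud "Documents & Data" has staged locally.
# Assumption: the local store is <home>/Library/Mobile Documents, with one
# sub-folder per app container.

icloud_audit() {
    # $1 = home directory to inspect (defaults to the current user's)
    home=${1:-$HOME}
    root="$home/Library/Mobile Documents"

    if [ ! -d "$root" ]; then
        echo "no iCloud document store under $home"
        return 0
    fi

    total=0
    for container in "$root"/*/; do
        # An unmatched glob stays literal, so skip anything that is not a directory.
        [ -d "$container" ] || continue
        n=$(find "$container" -type f ! -name '.DS_Store' | wc -l | tr -d ' ')
        if [ "$n" -gt 0 ]; then
            echo "$n file(s) in $(basename "$container")"
            total=$((total + n))
        fi
    done
    echo "total: $total"

    # Non-zero status when anything is staged, so a scheduled check can alert.
    [ "$total" -eq 0 ]
}
```

Run `icloud_audit` with no argument for the current user, or pass another home directory when checking a shared machine.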
Mac Elite
Join Date: Jan 2003
Location: San Diego
Apple also has an MDM feature built into OS X Server that you could enroll iOS and Mac devices in and centrally prohibit staff from accidentally or deliberately using iCloud.