
Windows 10 holds your medical and health records ???


31 replies to this topic

#1 jargos


Posted 18 November 2015 - 07:33 PM

In a couple of other threads, during certain discussions and links given by other posters, I glanced at a link to what appeared to be a reputable IT site, that said to the effect ..

 

W10 gets and keeps your medical / health records - but promises not to abuse them .. or something ..

 

Obviously, what I just said above is heavily paraphrased - could even be wrong. And I have searched around before opening this thread, but can't find that link. It could be edited out.

 

So, my question is, does anyone have any info on this, and if it is largely the case, what are your views ?

 

You can guess mine up front :-)


Linux Mint 17.2 Cinnamon on older, Pentium 4 desktop.

Win 7 on Medion Akoya i3 laptop



 


#2 Animal


Posted 18 November 2015 - 07:39 PM

Sounds like HIPAA compliance issues. Good luck with that MS if it's true to any degree.

http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)



#3 JohnC_21


Posted 18 November 2015 - 07:50 PM

http://www.averyjenkins.com/?p=1767

 

https://www.linkedin.com/pulse/does-windows-10-violate-hipaa-steve-hoffenberg

 

Edit: Added link

 

http://blog.capterra.com/hipaa-compliance-and-windows-10-5-things-you-need-to-know/


Edited by JohnC_21, 18 November 2015 - 08:43 PM.


#4 britechguy


Posted 18 November 2015 - 08:29 PM

Since HealthVault is a Windows Service that one must choose to use, it's genuinely foolish to say "Windows 10 gets and keeps your medical/health records."

 

HealthVault is covered in the Microsoft Services Agreement and its own dedicated privacy agreement.  Reading those would be the best starting point.


Brian  AKA  Bri the Tech Guy (my website address is in my profile) Windows 10 Home, 64-bit, Version 1709, Build 16299

       

    Here is a test to find out whether your mission in life is complete.  If you’re alive, it isn’t.
             ~ Lauren Bacall
              

 


#5 jargos


Posted 18 November 2015 - 08:30 PM

 

WOW ... (from your 2d link)

 

Along Came Windows 10

 

At least until Windows 10 came along. Windows 10 violates every privacy principle on which doctors rely to protect their patients’ data.

 

Simply put: It’s a privacy nightmare for everyone

 

If you are a doctor, you should find this breach of privacy — and the liability which it creates — horrifying. And if you are a patient, you should find this nothing less than terrifying. Every single private particle of data about you, from the level of your Zoloft dosage to the color of your last urine sample, is about to become publicly available.

There are ways to turn off much of this data mining capability, but the process is not self-evident, and few doctors have either the know-how or even desire to shut it down, despite the clear risk it prevents.




#6 jargos


Posted 18 November 2015 - 08:34 PM

continued ..

 

And if you’re my patient?

 

Not to worry. My practice has been using the most secure operating system in the world (Linux), for eight years, and I have taken significant measures to ensure your data is secure.

 

(Pardon the formatting - difficult copy / paste)

 

Ahh .. the sweet air of freedom :-)


Edited by jargos, 18 November 2015 - 08:34 PM.



#7 britechguy


Posted 18 November 2015 - 08:35 PM

jargos,

 

           When a single one of your hyperbolic predictions takes place in fact, please let us know.   Until then, it's just BS.



 


#8 iAlex


Posted 18 November 2015 - 08:38 PM

my dad's work environment is still stuck at XP. and even if that's a security nightmare (their poor IT department is absolutely lackluster as well), my dad did inform us that it's a huge HIPAA issue.

 

jeez, i'd be paranoid if someone was looking at my fitbit records, let alone my medical records.


Excuse me as I bang my head against the wall....

#9 Aura


Posted 18 November 2015 - 08:43 PM

You're most likely referring to this article.

http://www.zdnet.com/article/microsoft-updates-privacy-statement-addressing-concerns-from-critics/

MICROSOFT HEALTH SERVICES
This is a new section covering the Microsoft Band, Health Services, and HealthVault. It includes this straightforward statement about the privileged status afforded to health information:

Health data you provide through Microsoft Health services or store in HealthVault is not combined with data from other Microsoft services, or used for other purposes without your explicit consent. For example, Microsoft does not use your health record data to market or advertise to you without your opt-in consent.


Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#10 britechguy


Posted 18 November 2015 - 08:48 PM

It's also clear that a number of the hyperventilating do not understand either HIPAA or the likely architecture of any dictionary creation done via keylogging.

 

If you actually think that the typing preferences are sending your data back to Microsoft as a stream of unprocessed information, like your document is being sent word for word as you type it, you'd better learn more about how this sort of thing is done.

 

It's just astounding that there is a belief that none of this was considered, and at length, when Windows 10 was being developed.

 

Microsoft is not, contrary to certain opinion here, composed of a bunch of brainless fools.



 


#11 brainout


Posted 19 November 2015 - 01:13 AM

To JohnC_21: thank you for the links.  I've not yet searched the web for what others are saying about this.  Am only working with the source material, still.

 

jargos, the danger in HIPAA is not as some of the other posters here are claiming, because they don't understand the risk or the meaning of the issues in that law.  I have to.  My clients are physicians.

 

We are avoiding Win10 for reasons I've explained so often in this forum, it would be unfair to state them at length again.  It's not MSFT directly, that I'm worried about.  MSFT only wants the offline and private data -- which is more than Google can get and way beyond what Google wants -- for datamining.  MSFT uniquely is in a position, via the OS, to target ads (aka 'monetize the desktop' as Amy Hood and others put it, to Wall Street);  and, to slurp private data so they can sell it to companies who want to forecast demand.  So it's in MSFT's best interest to protect the raw data.  It's not even useful to them until it's been anonymized and aggregated. Personally, I'd argue such data is a waste of money to buy, but hey: that's a buyer's prerogative.  So far, no harm, no foul.

 

But here's the problem: In order to justify that datamining, MSFT makes the software use terms subject to rules which violate HIPAA.

 

So it wouldn't matter if none of your data were ever actually slurped by MSFT even for datamining.  The rules violate HIPAA, and many others in the medical business know this, and therefore won't touch Win10 nor any of the added 'services'.  It's a big topic right now.  I just talked to an accountant yesterday, who rolled back.  His clients are mostly physicians, too.  So right now, this is a slow-burn realization, but a year from now, it will be front page news.

 

Those who don't do their homework will be caught flat, will be the target of greedy lawyers who manipulate the rules.  Malpractice insurance premiums will skyrocket, once those guys make a name for themselves.

 

At that point, anyone counseling or using Win10 and its 'services' will become a pariah.  MSFT's own reputation will tank, and the stock will plummet.  Then and only then, the company will hopefully 'do something' to provide the option to remove all telemetry from the OS (like Enterprise is supposed to get now, so it's an easy change);  then and only then will the lawyers at MSFT remove the offending rules.  But not before.  Too much callousness, name calling against critics, intransigence.

 

Saddest thing is, the OS which yes has bugs, will likely be much better then.  But the inapt rules will cripple it.  That's why I complained so much in that latest ZDnet article.  Hoping someone will see that the rules just gotta be rescinded.

 

That's all I'm gonna say about it now, hope you'll understand why.  Thank you for your time.


Edited by brainout, 19 November 2015 - 01:41 AM.

(Away, Notifications Off) AUDIT PREMISES, my guidon.  -- brainout or brainouty on vimeo or Youtube, domain brainout.net


#12 jargos


Posted 19 November 2015 - 06:27 AM

 

Thanks for the links, JohnC_21. Your added link, the edit, is just as interesting and should be read by all.

 

It should be noted that the comments I copied in my posts 5 & 6, are from a medical practitioner - not mine. I know next to nothing about this issue and was merely curious, from an article I glanced.

 

It is instructive, however, that even comments from concerned practitioners are described as hyperventilation by those who jump in to defend MSFT at all costs. Intriguing, to say the least.




#13 jargos


Posted 19 November 2015 - 06:29 AM

To JohnC_21: thank you for the links.  I've not yet searched the web for what others are saying about this.  Am only working with the source material, still.

 

jargos, the danger in HIPAA is not as some of the other posters here are claiming, because they don't understand the risk or the meaning of the issues in that law.  I have to.  My clients are physicians.

 

We are avoiding Win10 for reasons I've explained so often in this forum, it would be unfair to state them at length again.  It's not MSFT directly, that I'm worried about.  MSFT only wants the offline and private data -- which is more than Google can get and way beyond what Google wants -- for datamining.  MSFT uniquely is in a position, via the OS, to target ads (aka 'monetize the desktop' as Amy Hood and others put it, to Wall Street);  and, to slurp private data so they can sell it to companies who want to forecast demand.  So it's in MSFT's best interest to protect the raw data.  It's not even useful to them until it's been anonymized and aggregated. Personally, I'd argue such data is a waste of money to buy, but hey: that's a buyer's prerogative.  So far, no harm, no foul.

 

But here's the problem: In order to justify that datamining, MSFT makes the software use terms subject to rules which violate HIPAA.

 

So it wouldn't matter if none of your data were ever actually slurped by MSFT even for datamining.  The rules violate HIPAA, and many others in the medical business know this, and therefore won't touch Win10 nor any of the added 'services'.  It's a big topic right now.  I just talked to an accountant yesterday, who rolled back.  His clients are mostly physicians, too.  So right now, this is a slow-burn realization, but a year from now, it will be front page news.

 

Those who don't do their homework will be caught flat, will be the target of greedy lawyers who manipulate the rules.  Malpractice insurance premiums will skyrocket, once those guys make a name for themselves.

 

At that point, anyone counseling or using Win10 and its 'services' will become a pariah.  MSFT's own reputation will tank, and the stock will plummet.  Then and only then, the company will hopefully 'do something' to provide the option to remove all telemetry from the OS (like Enterprise is supposed to get now, so it's an easy change);  then and only then will the lawyers at MSFT remove the offending rules.  But not before.  Too much callousness, name calling against critics, intransigence.

 

Saddest thing is, the OS which yes has bugs, will likely be much better then.  But the inapt rules will cripple it.  That's why I complained so much in that latest ZDnet article.  Hoping someone will see that the rules just gotta be rescinded.

 

That's all I'm gonna say about it now, hope you'll understand why.  Thank you for your time.

Your clients are physicians.

 

That fact in itself, leads one to the reasonable conclusion that you sure as hell know what you are talking about in this matter.

 

Thanks for the explanation.




#14 brainout


Posted 19 November 2015 - 06:34 AM

Your dad's right.  But the XP issue exists only if the machines containing the data, would be online.

 

HIPAA is concerned with whether the data can be HACKED or SLURPED.  If not, then you're in compliance.  There's the obvious side issue of employees taking the data outside the office or intranet or hospital, etc., which is a version of either hacked or slurped.

 

Professionals (not merely doctors) concerned about Win10 are more concerned about the 'slurped' issue, and that due to contractual provisions in using it, though there is risk given the unknown content of the telemetry actually leaving the machine going to Microsoft servers.

 

It's not to accuse anyone.  Obviously no one intends for the data to be at risk.  Your dad can explain more to you, about that.

 

 

my dad's work environment is still stuck at XP. and even if that's a security nightmare (their poor IT department is absolutely lackluster as well), my dad did inform us that it's a huge HIPAA issue.

 

jeez, i'd be paranoid if someone was looking at my fitbit records, let alone my medical records.


Edited by brainout, 19 November 2015 - 06:35 AM.



#15 brainout


Posted 19 November 2015 - 06:51 AM

@jargos: sorry, I missed your post and then couldn't get the quote function to work to cut out my own text.  You wrote:

 

"Your clients are physicians. That fact in itself, leads one to the reasonable conclusion that you sure as hell know what you are talking about in this matter. Thanks for the explanation."

 

Actually, there's quite a lot I don't know.  That's why I keep reading and coming here.  We can't afford to be sued, that's my motive.  It really has nothing to do with being upset at MSFT, though I am upset as well (mainly at their lawyers, who have to be too dumb to live).  If my clients are sued, there goes my own livelihood.

 

Back in ancient times, if you were an advisor and you screwed up, you AND YOUR ASSOCIATES were all murdered.  Today, 'murdered' means 'sued'.  So if a physician is sued, during 'discovery' depositions, he'll have to name his advisors -- computer techs helping him, accountants, lawyers, then also folks like me -- so guess who else gets sued, too?  The loss of time, of lawyers' fees, of goodwill if the news gets out (for everyone's all hot to abandon you even if you're merely accused, these days).. see?

 

So John's links are more than timely.  I've been so busy trying to find out each day's news, I've not had time to search on what others are saying.  Until now.

 

The concerns voiced in those articles, don't yet look much at the rules, but only at the structures of telemetry.  The latter is enough all by itself to prohibit Win10 and the 'services' from any professional's devices, as the information taken, cannot be changed, turned off, ascertained, or controlled.  Bear in mind that most professionals do not qualify for an Enterprise license (indeed many hospitals can't, either).  So that's why this is such an issue.

 

Shutting up now.  You know where to find me if you want more info to discuss in a forum on this.


Edited by brainout, 19 November 2015 - 07:04 AM.





