Hacker News: EvanAnderson's comments

Heh heh. If that shocks you, search engine for "bufferbloat" and prepare to be horrified.

I'm glad your organization hasn't had a PHI breach. I'll see your anecdata and raise you mine:

The two biggest hospital providers in my geography have both had breaches in the last 5 years, both involving exfiltration of PHI (and one involving ransomware). (My family's data was in both, too!)

https://www.hipaajournal.com/premier-health-partners-2023-da...

https://www.hipaajournal.com/kettering-health-ransomware-att...

I have a background in IT security and systems administration (including working as a contractor for healthcare providers). Since medical records have become "electronic" I've assumed medical data is de facto public.

If there was a diagnosis or treatment I felt others knowing about would compromise me I would avoid bringing it up to a medical professional or seeking treatment. I'm certain there are people who avoid mental health services, for example, for exactly that reason.


I wonder how it changes the calculus when medical data is leaked into the public domain then hoovered-up by data brokers.

Is a law being broken by a data broker if a credible case can be made that the data was publicly available?

I would think the leaking party would be subject to action, but does the "taint" of the data being private somehow get "washed away" if it becomes publicly available? Asked another way, is a party who consumes illegally-leaked but publicly available data also on the hook for privacy regulations?


That's sad.

On the off chance anybody from Rode sees this: This makes me want to purchase your gear. Don't change it.

It's funny this comes up now. Tomorrow I'm dragging my Zoom R20 recorder on-site to use as an overly-featured USB audio interface for a single-mic live stream. If I'd known this about Rode a week ago I'd have purchased one of these and could have left my R20 hooked-up in the home studio!


Funny you mention that, because my first thought when reading that he submitted a report to the vendor was that they'd "fix" the problem by requiring firmware uploads to be signed (in which case it's "secure" because only their service techs have access to the private key, IOW, security by sternly worded written policy).

I’m guilty of using my Zoom R16 in a similar fashion; as a USB audio interface most of the time for a couple of inputs.

The only thing that is a little sad about it is that for example the faders do nothing when the R16 is in USB audio interface mode.

It does however like to randomly turn on reverb and one other effect after power cycling. Which I sometimes forget and then wonder for half a second why the audio is sounding weird :P So there is some extra functionality that is available even in USB audio interface mode, although in this case not desirable for me to have enabled within it. If I want to add reverb or other effects when using the R16 as a USB audio interface, I prefer to do so in the DAW. I would have liked to be able to use the faders though.


Interesting.

I'm running my R20 in USB interface / stereo mix mode and the faders do work. I didn't think about trying to apply any effects. I'll play with that, for fun, but I'd definitely add them in the DAW as well. (I really only use my R20 for multitrack recording and do all my effects in the DAW. I like it, and it can do a ton standalone, but my workflow really just needed a multitrack recorder and I could have probably spent a lot less. It just looked like fun...)


> I still don't want a fucking audio recorder in my doctor's office ...

If I got a copy of the raw recording I might consider it. Maybe. Having that audio recording would be valuable to me.

It's very irksome medical providers I visit have signs posted prohibiting audio and video recording by patients. My medical appointments aren't exceedingly complex, but a reference audio recording would be handy.

I suppose I could exercise civil disobedience and just record anyway since it's not illegal in my state. Still, it irks me.


> If I got a copy of the raw recording I might consider it. Maybe. Having that audio recording would be valuable to me.

We wouldn't be able to provide it because it's never kept. It's transcribed directly, and then only the note summary is kept. This is to ensure the recording and transcript can't leak (because they don't exist). This was one of my first questions for all of these tools. Where does the data go, how is it processed, what happens. One company refused to talk about it, so I refused to talk to them.


So how can you verify correctness of transcription and summary in a way that is repeatable over time?

That's the job of the provider. There's no other way to actually verify the accuracy of the note. You can't actually engineer humans out of the loop, the loop revolves around humans.

How does the provider verify the accuracy if they don't have the transcript or the original recording?

Agreed. That sounds like a recipe for "we don't know how 'the algorithm' came up with what it did" kinds of excuses when, inevitably, inaccuracies are found. It also seems, conveniently, to make the processing system practically unimpeachable.


You said you evaluate the error rate every month. How can you do that if you don’t have the recording or transcript?

This is horrifying.

I've ended up with an erroneous medicine allergy on my record because I mentioned a well-known side effect to that medicine during an office visit a couple years ago. Some "moving part" in the system (be it a human entering the doctor's notes, a transcriptionist, etc) interpreted what I said as an allergic reaction and now I get asked about that "allergy".

I've asked to have it fixed but other facilities have gotten "copies of my records" and I've had it crop up in visits to other providers.

Thankfully it's not a medicine that's likely to ever be administered to me (or not administered when I'm incapacitated and can't point out the error) so I'm not worried, practically. On principle, though, it really frustrates me. It seems like it will never be fixed.


I feel like this kind of "API only kinda works" behavior is emblematic of MSFT. So many times I feel like what I want was anticipated, 90% of the work was done, and the rest is left to me to make a dodgy hack of.

I made a little CLI tool back in the MS-DOS days to dump binaries into VGA mode 0x13. It allowed me to vary the width of "line" wrapping. It was a killer tool for seeing data in binaries.

Setting aside any concerns about cops being examples, public servants, etc, I'm shocked the NYPD's insurance doesn't have a problem with it.

My wife worked for a County government agency in Ohio. Her job duties included driving. She was required to report all traffic citations or crashes, regardless of when they occurred (during or outside of work hours), to the County and sign an affidavit annually attesting to such reporting.

If she exceeded a threshold of violations in a year the County's insurer would refuse to cover her. Because her job duties included driving this was considered grounds for termination.


Life as a cop is extremely different than the typical citizen, at least in most countries where I've spoken to cops, which doesn't include the US though, but I'm sure the same applies there because points everywhere.

Was a firefighter, same. And not so much a "threshold of violations in a year" but "clean driving record for three years at time of hire, and maintained."
