I am a software developer with a small county government. I also cover end-user support at our 50-person Social Services. DSS utilizes a State of North Carolina website, NC Fast, to submit and store HIPAA data as related to DSS cases. I have some concerns about the forced use of Google Chrome as the only interface to NC Fast and data mining in general as related to HIPAA.
Our county strictly prohibits any so-called cloud data. We take our HIPAA oaths seriously. We do not even allow public facing access, except for OWA. All of my sites are hosted by vendors including my GIS site. This solution costs more but security is solid. Being a 3-man IT shop, we are general practitioners, not specialists in security.
1. HIPAA prohibits unauthorized "USE" or "SHARE" of PII, Personal Identifiable Information.
2. Google Chrome EULA states they "USE" and "SHARE" end user data in exchange for using their spyware. Also, Google Chrome has a long history of repeatedly violating end user privacy.
3. Recent versions of Windows contain data mining features that collect and transmit end user workflows and data.
A. Does use of data mining software/OS violate HIPAA?
B. Which browser best protects end user data?
C. Is it possible to block Windows outbound ports to inhibit unauthorized access to HIPAA data? Which ports, and are they fixed or dynamic ports?
I contacted the main HIPAA office in Atlanta. They have no enforcement powers.
I contacted the main NC security officer. Google Chrome is assumed to be "secure".
It seems to me that putting Chrome in charge of HIPAA data security is the moral equivalent of putting pedophiles in charge of Children Protective Services, CPS. Am I wrong? How do we secure HIPAA data from unauthorized access?
Regards,
Kurt