Outsourcing jobs a security risk: US intelligence

Indian Express Newspapers (Bombay) Ltd ^ | March 20, 2004

[Liz]

outsourcing ping

[neutrino]

Earlier, someone argued that the HIPAA cannot be "violated" overseas . . . I'd like to figure that out before getting into an argument with you.

I understand. But we're getting into a fairly serious question about the competent jurisdiction of the courts. U.S. laws really don't apply outside our borders. For example, there was a student in the Philippines who released a computer virus - you may recall this - and because this was not against the law in the Philippines, the little miscreant was NOT prosecuted.

Now suppose that a doctor contracts with a company out of India to do some things. Suppose further that the offshore company makes many promises, all in writing, that they will comply fully with all applicable laws - and then, they don't. Is the doctor in criminal violation? I wouldn't think so. Is the offshore company? I'm not so sure. Your test appears to be that if a company does business here, they're subject to our laws - but are they? If a German company sells me a widget, are they automatically subject to the entire body of U.S. law? For that, we'd need to really get into recent precedent.

Even if the offshore company is theoretically criminally liable, the practicality of pursuing them seems daunting. Prosecuting our hypothetical doctor might please some (Me!!!) because it would discourage offshoring, but it seems rather unfair.

Civil suits have similar challenges. I'm aware that sometimes foreign citizens seek to sue U.S. companies in the U.S. because our courts tend to award big damage judgments - as for what we could expect from foreign courts, I have my doubts.

Incidentally, if your medical records are stolen, do you think your lawyer will go after the medical-provider, or simply consult you to let the state prosecutor's office handle the case?

But the state office can't do that. HIPAA is a federal law, and as such must be tried in federal court by a federal prosecutor. That's possible, but they're busy people - and I've got my doubts that they're going to prosecute kindly old Dr. Jones just because someone revealed the Neutrino has very small mass.

As for a civil suit, it's hard to get a lawyer interested if the damages are less than $100,000. I know of a case where a child in a hospital was unable to swallow and the chart specified that all food had to be pureed. The kid was fed a piece of meat the size of a cigarette package, choked, and died. The jury awarded...nothing. So I doubt I'd get to cash out on that one.

[angkor]

Here you go, for starters:

http://privacy.med.miami.edu/glossary/xd_business_associate.htm

DHHS has taken the position that covered entities are not liable for the privacy violations of business associates. However, if a covered entity becomes aware of a pattern of activity or practice by a business associate that constitutes a material breach, it must:

take reasonable steps to remedy the situation;

if such steps are not successful, terminate the contract or arrangement;

or if termination is not feasible, report the problem to DHHS.

Notwithstanding these provisions, failure to execute a business associate contract with "satisfactory assurances," or to take these corrective actions when the assurances are not met, could result in liability.

[angkor]

But we're getting into a fairly serious question about the competent jurisdiction of the courts. U.S. laws really don't apply outside our borders

You guys need to use topics other than health care outsourcing to cover this issue. Don't know what you're missing, but third party Business Associates (outsourcers) are specifically excluded from privacy liability under HIPAA, whether they're in Des Moines or in Bangalore. With an emphasis on "specifically excluded."

[1rudeboy]

Thanks. I didn't think it would jibe with your ". . . whenever customer data goes offshore, it's by statute no longer subject to the privacy and security laws of the United States, e.g., HIPAA regs no longer apply."

[angkor]

http://privacy.med.miami.edu/faq/xf_biz_assoc_passthrough.htm

[Liz]

We must mention on outsourcing threads that Dumbocrats are making this a campaign issue, trying to place the blame on GWB.

In point of fact, we need to be naming names......Dim CEO's who outsource......then donate bigtime to John Kerry with their profits.

I see another Kerry inconsistency here.

You also won't hear Kerry mention Heinz's massive outsourcing of American jobs (listed on their web site).

No problem. We'll do do it for him.

[angkor]

Thanks. I didn't think it would jibe with your...

Not sure whether you're sentence parsing or what.

When health care data goes offshore it's by definition "outsourcing", yes? In HIPAA language that would be "Protected Health Information is sent to an [offshore] Business Associate by a Covered Entity."

And under HIPAA regs, that scenario is specifically excluded from HIPAA protection, as I've been repeatedly posting.

[neutrino]

Thanks for the info!

[Clintonfatigued]

Corporate America is becoming The Enemy Within.

[1rudeboy]

Not sure whether you're sentence parsing or what.

Actually, yes I am. My reading of the regulation is that the Business Associate must comply with the regulation, and the Covered Entity is not liable for a BA's violation provided there is no negligence by the CE.

[DustyMoment]

Yeah, this is not the Kerry slam dunk that we are being led to believe that it is, IMO. I think that the Dems have more cards up their sleeves than a riverboat card sharp.

I have no problem with Bush fighting Kerry right now, but I hope he goes easy with the cash until after the conventions. His campaign war chest scares the Dems right now and they would love to trick him into spending as much of it as they can on Kerry before the convention and pulling a surprise.

[Iscool]

But then you're making the assumption that we still have old fashioned National Security...

I see it as the general public being light years behind this modern globalsim...The groundwork was laid decades ago when the Americans who heard about globalism were afraid to talk about it in public...It was bad then, it's bad now...

Our gov't leaders have been trading/selling our secrets for some time now...We don't have much left in the way of National Security...The US has become a Nation/State of the World...Someone will probably be in charge of this New World Order...I assume the US gov't figures it will be them...

But I'm thinking it ought to be clear to anyone who looks, we as a people and a nation, mean little more to our "leaders" than the people and nation of India, or China or Burma...

[banjo joe]

we will invent new technologies faster than they can steal.

Har!

Those technologies will be developed elsewhere. IT is a tough field, why bust your butt getting the degrees, certs, etc. if the jobs are going elsewhere.

My advice to the kids asking me about an IT career: don't. Go into auto body repair, HVAC, etc., open your own shop, be your own person and employee a few people.

[ninenot]

From what I've read in the HR newsletters, attorneys are issuing rather strong warnings to 'covered entities' AND to their customers (Company XYZ) that the agreements with overseas processors must be VERY tight on security arrangements, with accountability for consequences built into the contracts.

It is an area of concern, so much so that the activity (outsourcing) may abate.

[B4Ranch]

ping

[ninenot]

You've identified the problem. Most likely the only recovery available to an aggrieved US citizen whose records were compromised is a big fat PI-led damage suit.

THAT'S why the warnings are out there. Beyond that, it's likely (think Alabama) that a damage suit will prevail, leaving the Covered Entity to recover from its Indian subcontractor.

[swampfox98]

No problem. We are so creative that we will invent new technologies faster than they can steal. No need to cry over buggy whips.

Ameica's power, wealth and security has finally been put on the line, and we are losing it all. Between having to take care of millions of illegals, and seeing good jobs destroyed by foreign workers, Americans don't have a chance.

Equal time: Kerry's spouse has outsourced 35 of her companies to other countries. Wonder if the Democrat Unions know this?

[kezekiel]

No problem. We are so creative that we will invent new technologies faster than they can steal. No need to cry over buggy whips.

Assuming that you're not being sarcastic, I guess that means that intellectual protection is unnecessary, except perhaps only for Americans against other Americans. A lack of intellectual protection discourages creativity and trade, which is ultimately why they exist--to benefit the public welfare.

[lelio]

She insisted I'd made an error in validating my account info (I hadn't) but refused to tell me what the problem was,

That's more of a clueless bank problem. What gets me about offshoring is that companies are doing it with things that they never really did well, ie customer service.

What do they think is going to happen when they send something that they had problems with 3000 miles away? Its going to magically get better? No, it gets worse.