RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US
Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: RAINdrip: Interesting concept "insure data in the Cloud" hee hee hee
From:
Ken Fontana <[log in to unmask]>
Reply To:
Records Management Program <[log in to unmask]>
Date:
Tue, 27 Oct 2009 15:17:08 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (129 lines) 
Great Subject Julie; one of my favorites so far.

To carry forward into this harrowing adventure, allow me to posit an
additional scenario.

You're a local regional hospital who is storing electronic patient
records (HIPAA regulated PHI) with a third party data warehouse
operator.  Said third party adopts the Cloud methodology for you and
their other clients...........

Where did the breach occur?  Did the breach occur within the cloud?  If
so, who owns the cloud?  Who failed to keep their security software up
to date and allowed the hack of that data?  Who is now responsible under
federal law to notify those breach victims, place 12 month credit
monitoring services, notify HHS of the breach, etc. and, ultimately,
face any lawsuits for release of PHI?  

The hospital?  The 3rd party data warehouse or the owner of the cloud
where the data was stored/breached?  Forensic claims analysis on the
way....  Breach occurred at company x who operates the cloud and owns
the servers.  Now that we have that settled, did the data warehouse know
that cloud operator had similar breach's in the past before they placed
your data with them?  They did?  Well, that's just more
negligence..........

Welcome to my world!  

Ultimately, everyone involved in the chain has the legal exposure, at
minimum from being a named in the suit and paying for defense costs.
Losses in that realm are likely going to take Years to get through the
courts.  Luckily, your lawyers data regarding your defense and the
claimant's information will be stored safely within the cloud.  

Kenneth S. Fontana
Vice President
Insurance Risk Managers of MO, Inc.
800-221-7686 toll free
314-997-7250 fax
307-214-0006 cell
 
I am Always Interested in Adding New Clients and Expanding our Mutual
Network.   A Referral is the Highest Form of Compliment in Business.  
                                Illinois Movers & Warehouseman's
Association                                    
 
Check us out on the Web at www.irmmo.com

-----Original Message-----
From: Records Management Program [mailto:[log in to unmask]] On
Behalf Of Julie J. Colgan
Sent: Tuesday, October 27, 2009 2:50 PM
To: [log in to unmask]
Subject: Re: RAINdrip: Interesting concept "insure data in the Cloud"
hee hee hee

Thanks for that link Larry.

The issue of the security/stability of the cloud is spurring some
interesting comments and debate in the legal industry as well,
particularly
whether or not use of the cloud constitutes a breach of a lawyer's duty
of
confidentiality.  ***Caveat: I am not a lawyer! Continue reading at your
own
risk!***

Here's how the story goes:  Lawyers, according to the Rules of
Professional
Conduct and associated Ethics Opinions, have an affirmative duty to
protect
the interests of their clients, including preserving confidentiality.
Because there have been verified breaches of content from some clouds
(Google Docs, for one), there are some in my industry that feel those
breaches, in and of themselves, is enough to drive lawyers to avoid the
use
of the cloud altogether for the creation, use and/or storage of material
that relates to client work.

My initial reaction to that conclusion is, let's not be so hasty.
Sometimes
1+1 equals 2, when other times 1+1 equals more than 2 ... here I think
it
only equals 2.  By that I mean just because there have been some
breaches
with some products, doesn't necessarily mean that the entire approach is
problematic.  Lawyers/law firms should be very thoughtful about their
use of
the cloud, but I can't see any overwhelming reason to avoid it nor do I
feel
that its mere use constitutes, in fact, a breach of confidentiality nor
does
it necessarily imply negligence with regard to their ethical duties.

The trick to the issue is two fold: 1) how the lawyer/law firm
interprets
the phrase "reasonably practicable", and 2) how they go about their due
diligence with regard to selecting and using clouds.

The impact of lawyer ethical obligations on RIM is my current "for fun"
research focus and is a topic I am using for some writing and potential
speaking engagements.  Would love to hear any feedback folks have on the
issue of cloud computing and lawyer ethics - lawyer or not.
Perspectives
other than mine are wholeheartedly encouraged!

Julie

-- 
Julie J. Colgan, CRM

[log in to unmask]
http://twitter.com/juliecolgan
http://www.linkedin.com/in/juliecolgan

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already
present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of
the message.
mailto:[log in to unmask]


*** DISCLAIMER *** The preceding correspondence and any attachments may contain confidential information protected by the attorney-client or other privilege. If you believe that it has been sent to you in error, please reply to the sender that you received the message in error; then delete or destroy the message along with any attachments. Please note, coverage cannot be bound, altered or cancelled via the email system or by fax. Thank you.

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

ATOM RSS1 RSS2