OT: Security

[Brian K. White]

On 12/5/2014 12:39 PM, Richard Kreiss wrote:
> I just received an email from Med-Star, a hospital group here in Maryland to
> sign up for their "MyMedStar" portal.
>
> Their user agreement is very interesting. ( just a few of the items listed)
> 	1. You agree to opt out of the Maryland Law controlling this type of
> service
> 	2. You are responsible for all security of the data even on their
> system
> 	3. You agree to a hold harmless agreement if the systems are hacked
> 	4. They own all of the information including a medical information
> about you
> 	5. they can change the agreement without notice.  It is the
> individual's responsibility to read the use agreement prior to logging in.
>
> I wonder how I can secure my data on their system or insure that their
> systems are properly secured?
>
> Interesting how corporations are making it the users responsibility to
> secure their system and agree to opt out of any applicable laws which are
> meant to protect.
>
> Looks like I will not be "MyMedStar"
>
> As I always tell people, read the user agreements before install apps or
> signing on for any "services"

What I see here:
https://www.mymedstar.org/Enrollment

#2 Seems to be untrue.

The rest seem to check out, but I'm not sure how bad or unreasonable 
that is, in light of the fact which they state repeatedly, that this is 
just for information and convenience, and is not an official reference 
or channel.

#5 would bother me the most, because basically that means what I just 
said above could change at any time, and if they really do not force you 
to acknowledge that a change happened before holding you to it, that 
could be bad.

#1 Entirely depends of what that law says and what kinds of things 
actually happen on this service. It may be outlandish or it may be 
perfectly proper. So I can't say much about that.

All in all, I'd probably make the same call you did. No thanks.

-- 
bkw