Wednesday, October 7, 2020

Cell-Site Simulators/IMSI Catchers and Your HIPAA Protected Data


When you call another office to discuss a patient with another treating doctor, you don't need to worry about HIPAA violations occurring.  That's because the telephone is considered to be a secure mode of communication.  We don't have party lines anymore that allow anyone to listen in and the only way someone can legally listen to a conversation is with a court issued warrant.

However on your mobile phone, things can be very different.  Now your mobile phone is supposed to be treated legally like a landline phone, but that isn't always the case in the current environment.  That's because of devices known as "Cell Site Simulators" or "IMSI Catchers".

In a perfect world, your cell phone connects to a tower near you that has the strongest signal between its transmitter and your phone.  The phone then connects and sets up a secure line of communication.  I emphasize that's the way it is supposed to happen.  The truth can sometimes be quite different.

In today's current environment law enforcement agencies can deploy "Cell Site Simulators" or "IMSI Catchers".  These are devices that "spoof" a normal cell phone tower.  What happens is your phone, thinking the IMSI Catcher is a regular cell phone tower, connects to the Catcher just as it would the tower.  In reality, the Catcher is a different story.

Imagine shipping something in a box to your mom.  You drop the box off at the UPS store and you have it all stored.  The package is picked up by UPS, taken to your destination, and delivered to your mom.  She opens it and takes out whatever it is you sent.  That''s how things work with "normal" cell phone calls.

With Catchers, here's what happens.  You drop the box off at the UPS store, after you leave the store and before it is picked up by UPS, someone opens the box, removes the contents, examines them, makes notes or takes pictures, and then puts everything back and reseals the box.  This box is then picked up by UPS and delivered to your mom.  Neither you  nor you mother have any idea that someone else opened the box and examined and recorded all of its contents.

Catchers are deployed by law enforcement.  They spoof themselves as cell phone towers and when your phone connects, they record everything your phone does.  They also pass the signal along so that your call or text message or whatever goes on through and no one is the wiser.  Whoever is in range of the Catcher has their phone connect to it.  The device does not discriminate, it does not need a warrant.  It allows a third party to completely record everything your phone does, tracks your location, everything.  All without a warrant.

I have a lot of concerns about these devices.  Obviously having literally *everything* you say or do on your phone recorded screams of a violation of our constitutional rights, but how about HIPAA?  Can you truly discuss a patient on a call that just may be being recorded for posterity?

That's something everyone in healthcare should ponder.  We should also be asking our law enforcement agencies exactly why they are doing this and how can it be legal?

There is a great article on this subject that you can read on the website of the Electronic Freedom Foundation.  I think it is required reading.


1 comment:

  1. Old technologies in the field of dental crowns are in the past. CEREC crown technology is revolutionizing the way we make tooth crowns. CEREC same-day crowns are just like your natural teeth, and are comfortable in any situation where some older crown materials may not be.
    dentist charlotte