HI all, I am with a NYS major trauma center and all programs that our employees/providers use must be vetted through the IT Department by way of a Risk Analysis. Is there someone I would talk to about this? I scoured your website and could not find a specific person. Thank you so much Kristin Wait Albany, NY ----------------------------------------- CONFIDENTIALITY NOTICE: This email and any attachments may contain confidential information that is protected by law and is for the sole use of the individuals or entities to which it is addressed. If you are not the intended recipient, please notify the sender by replying to this email and destroying all copies of the communication and attachments. Further use, disclosure, copying, distribution of, or reliance upon the contents of this email and attachments is strictly prohibited. To contact Albany Medical Center, or for a copy of our privacy practices, please visit us on the Internet at www.amc.edu. [[alternative HTML version deleted]]
Hello Kristin, Are you talking about risk analysis from the perspective of software vulnerabilities? John On Thu, Jun 18, 2020 at 3:21 PM Wait, Kristin <WaitK at amc.edu> wrote:> HI all, > > I am with a NYS major trauma center and all programs that our > employees/providers use must be vetted through the IT Department by way of > a Risk Analysis. > Is there someone I would talk to about this? > > I scoured your website and could not find a specific person. > > Thank you so much > Kristin Wait > Albany, NY > ----------------------------------------- CONFIDENTIALITY NOTICE: This > email and any attachments may contain confidential information that is > protected by law and is for the sole use of the individuals or entities to > which it is addressed. If you are not the intended recipient, please notify > the sender by replying to this email and destroying all copies of the > communication and attachments. Further use, disclosure, copying, > distribution of, or reliance upon the contents of this email and > attachments is strictly prohibited. To contact Albany Medical Center, or > for a copy of our privacy practices, please visit us on the Internet at > www.amc.edu. > > [[alternative HTML version deleted]] > > ______________________________________________ > R-help at r-project.org mailing list -- To UNSUBSCRIBE and more, see > https://stat.ethz.ch/mailman/listinfo/r-help > PLEASE do read the posting guide > http://www.R-project.org/posting-guide.html > and provide commented, minimal, self-contained, reproducible code. >-- John :wq [[alternative HTML version deleted]]
R is open source software that is offered as-is, and many users of R utilize additional "contributed" packages which are developed and vetted independently of the R Core members. In addition, it is common for users of R to add minor functionality in the course of obtaining useful results, which are clearly out of scope for R Core or any CRAN package maintainers. You may be able to find consultants who will address your concerns for a fee, but AFAIK that is not a service offered by the authors and maintainers of R and CRAN. https://cran.r-project.org/web/packages/policies.html On June 18, 2020 9:58:50 AM PDT, "Wait, Kristin" <WaitK at amc.edu> wrote:>HI all, > >I am with a NYS major trauma center and all programs that our >employees/providers use must be vetted through the IT Department by way >of a Risk Analysis. >Is there someone I would talk to about this? > >I scoured your website and could not find a specific person. > >Thank you so much >Kristin Wait >Albany, NY >----------------------------------------- CONFIDENTIALITY NOTICE: This >email and any attachments may contain confidential information that is >protected by law and is for the sole use of the individuals or entities >to which it is addressed. If you are not the intended recipient, please >notify the sender by replying to this email and destroying all copies >of the communication and attachments. Further use, disclosure, copying, >distribution of, or reliance upon the contents of this email and >attachments is strictly prohibited. To contact Albany Medical Center, >or for a copy of our privacy practices, please visit us on the Internet >at www.amc.edu. > > [[alternative HTML version deleted]] > >______________________________________________ >R-help at r-project.org mailing list -- To UNSUBSCRIBE and more, see >https://stat.ethz.ch/mailman/listinfo/r-help >PLEASE do read the posting guide >http://www.R-project.org/posting-guide.html >and provide commented, minimal, self-contained, reproducible code.-- Sent from my phone. Please excuse my brevity.
On 6/18/20 3:41 PM, John Harrold wrote:> Hello Kristin, > > Are you talking about risk analysis from the perspective of software > vulnerabilities?It appears that is exactly what is being asked. What is not clear is whether the installation would be offered to persons or groups on the network with no other security wrappers. R has never claimed to be "web-safe". It offers access to system level commands and file system manipulation that would probably compromise security arrangements.? In fact, over the course of the last 12 years when I've been reading this mailing list, there has never been a credible suggestion to offer R applications to untrusted users. Quite the opposite. Naked R is surely not going to pass any sort threat or risk scrutiny. My suggestion would be to investigate various wrappers for R such as Rstudio or the Microsoft re-worked version of what used to be Revolution R. They have lawyers and offer "enterprise solutions" and would presumably be able to speak to some sort of security analysis.? Whether either of those approaches would provide the level of security needed by a healthcare organization would be an interesting question. Perhaps yopu can report back after completing your investigation? -- David.> > John > > On Thu, Jun 18, 2020 at 3:21 PM Wait, Kristin <WaitK at amc.edu> wrote: > >> HI all, >> >> I am with a NYS major trauma center and all programs that our >> employees/providers use must be vetted through the IT Department by way of >> a Risk Analysis. >> Is there someone I would talk to about this? >> >> I scoured your website and could not find a specific person. >> >> Thank you so much >> Kristin Wait >> Albany, NY >> ----------------------------------------- CONFIDENTIALITY NOTICE: This >> email and any attachments may contain confidential information that is >> protected by law and is for the sole use of the individuals or entities to >> which it is addressed. If you are not the intended recipient, please notify >> the sender by replying to this email and destroying all copies of the >> communication and attachments. Further use, disclosure, copying, >> distribution of, or reliance upon the contents of this email and >> attachments is strictly prohibited. To contact Albany Medical Center, or >> for a copy of our privacy practices, please visit us on the Internet at >> www.amc.edu. >> >> [[alternative HTML version deleted]] >> >> ______________________________________________ >> R-help at r-project.org mailing list -- To UNSUBSCRIBE and more, see >> https://stat.ethz.ch/mailman/listinfo/r-help >> PLEASE do read the posting guide >> http://www.R-project.org/posting-guide.html >> and provide commented, minimal, self-contained, reproducible code. >> >
Just as a matter of curiosity, what are some of the programs that have already been vetted, what methods were used, and how long did the vetting take? As the R guidance points out, R was not designed for creating or updating medical records, so it should be treated the same way as say LibreOffice Calc or Matlab. On Fri, 19 Jun 2020 at 10:21, Wait, Kristin <WaitK at amc.edu> wrote:> HI all, > > I am with a NYS major trauma center and all programs that our > employees/providers use must be vetted through the IT Department by way of > a Risk Analysis. > Is there someone I would talk to about this? > > I scoured your website and could not find a specific person. > > Thank you so much > Kristin Wait > Albany, NY > ----------------------------------------- CONFIDENTIALITY NOTICE: This > email and any attachments may contain confidential information that is > protected by law and is for the sole use of the individuals or entities to > which it is addressed. If you are not the intended recipient, please notify > the sender by replying to this email and destroying all copies of the > communication and attachments. Further use, disclosure, copying, > distribution of, or reliance upon the contents of this email and > attachments is strictly prohibited. To contact Albany Medical Center, or > for a copy of our privacy practices, please visit us on the Internet at > www.amc.edu. > > [[alternative HTML version deleted]] > > ______________________________________________ > R-help at r-project.org mailing list -- To UNSUBSCRIBE and more, see > https://stat.ethz.ch/mailman/listinfo/r-help > PLEASE do read the posting guide > http://www.R-project.org/posting-guide.html > and provide commented, minimal, self-contained, reproducible code. >[[alternative HTML version deleted]]
Ummm...Except that Matlab is proprietary and for profit, not open source. Did you perhaps mean Octave? Bert Gunter "The trouble with having an open mind is that people keep coming along and sticking things into it." -- Opus (aka Berkeley Breathed in his "Bloom County" comic strip ) On Thu, Jun 18, 2020 at 6:31 PM Richard O'Keefe <raoknz at gmail.com> wrote:> Just as a matter of curiosity, what are some of the programs > that have already been vetted, what methods were used, and > how long did the vetting take? > > As the R guidance points out, R was not designed for > creating or updating medical records, so it should be > treated the same way as say LibreOffice Calc or Matlab. > > On Fri, 19 Jun 2020 at 10:21, Wait, Kristin <WaitK at amc.edu> wrote: > > > HI all, > > > > I am with a NYS major trauma center and all programs that our > > employees/providers use must be vetted through the IT Department by way > of > > a Risk Analysis. > > Is there someone I would talk to about this? > > > > I scoured your website and could not find a specific person. > > > > Thank you so much > > Kristin Wait > > Albany, NY > > ----------------------------------------- CONFIDENTIALITY NOTICE: This > > email and any attachments may contain confidential information that is > > protected by law and is for the sole use of the individuals or entities > to > > which it is addressed. If you are not the intended recipient, please > notify > > the sender by replying to this email and destroying all copies of the > > communication and attachments. Further use, disclosure, copying, > > distribution of, or reliance upon the contents of this email and > > attachments is strictly prohibited. To contact Albany Medical Center, or > > for a copy of our privacy practices, please visit us on the Internet at > > www.amc.edu. > > > > [[alternative HTML version deleted]] > > > > ______________________________________________ > > R-help at r-project.org mailing list -- To UNSUBSCRIBE and more, see > > https://stat.ethz.ch/mailman/listinfo/r-help > > PLEASE do read the posting guide > > http://www.R-project.org/posting-guide.html > > and provide commented, minimal, self-contained, reproducible code. > > > > [[alternative HTML version deleted]] > > ______________________________________________ > R-help at r-project.org mailing list -- To UNSUBSCRIBE and more, see > https://stat.ethz.ch/mailman/listinfo/r-help > PLEASE do read the posting guide > http://www.R-project.org/posting-guide.html > and provide commented, minimal, self-contained, reproducible code. >[[alternative HTML version deleted]]
I use R every day with pretty sensitive data in my county health department. Of course, this is for manipulation and analysis of data pulled from their sources, not for interacting directly with, or updating, patient records in any clinically operational sense. As others have said, the structure and security of the overall computing environment is what matters most. --Chris Ryan Wait, Kristin wrote:> HI all, > > I am with a NYS major trauma center and all programs that our employees/providers use must be vetted through the IT Department by way of a Risk Analysis. > Is there someone I would talk to about this? > > I scoured your website and could not find a specific person. > > Thank you so much > Kristin Wait > Albany, NY > ----------------------------------------- CONFIDENTIALITY NOTICE: This email and any attachments may contain confidential information that is protected by law and is for the sole use of the individuals or entities to which it is addressed. If you are not the intended recipient, please notify the sender by replying to this email and destroying all copies of the communication and attachments. Further use, disclosure, copying, distribution of, or reliance upon the contents of this email and attachments is strictly prohibited. To contact Albany Medical Center, or for a copy of our privacy practices, please visit us on the Internet at www.amc.edu. > > [[alternative HTML version deleted]] > > ______________________________________________ > R-help at r-project.org mailing list -- To UNSUBSCRIBE and more, see > https://stat.ethz.ch/mailman/listinfo/r-help > PLEASE do read the posting guide http://www.R-project.org/posting-guide.html > and provide commented, minimal, self-contained, reproducible code. >