Mo' People, Mo' Problems
It doesn't matter if you are the NSA or an HMO. No matter what, outsourcing private data puts you at risk. Off-shore or within the US, the dangers are substantial. Just look at Cogent, this month's healthcare breach example: Cogent Healthcare, Inc., which manages several physician groups throughout the United States, recently began notifying approximately 32,000 patients of physicians in 24 such physican groups that their personal health information (PHI) may have been exposed online (h/t FierceHealthIT).
The company had contracted with the medical transcription company M2ComSys to transcribe patient care notes for some of its physician groups. M2ComSys then stored those notes, which included patients' names, birthdates, diagnoses, summaries of treeatments provided, medical histories, medical record numbers, and physicians' names, on a Web site that was supposed to be secure.
A security lapse by M2ComSys, however, apparently exposed some of those notes to online access. Remember, most of the laws and regulators don't care whether or not it was you or a third party that exposed your data. The originating company is always held accountable. Don't risk it. Lock your data down before doing anything with it!