Sunday, April 18, 2010

Can we agree that some “Best Practices” were ignored?

http://www.phiprivacy.net/?p=2457

Lost CD spurs hunt by NYS Department of Health

By Dissent, April 17, 2010 1:19 pm

Rick Karlin reports from New York:

A compact disc containing the names of 328,000 New Yorkers with developmental and other health issues has been missing for almost a month, prompting a massive desk-by-desk search at the state Department of Health’s Corning Tower headquarters.

“We have not been able to locate within our Early Intervention program unit one disc out of two discs that we received from New York City,” DOH spokeswoman Claudia Hutton said.

“At this point, we have no reason to believe they’ve left the building.”

Adding to concern is the fear that the disc’s password may be written on the outside, although Hutton said the disc is encrypted and could not be read without advanced technical skill.

The disc contains two decades’ worth of names, addresses and diagnostic codes for people who received early intervention services in New York City.

[...]

She said the DOH won’t have to notify people whose names are on the disc because it doesn’t contain diagnoses or other medical information that would be covered by federal privacy laws.

Along with the names and addresses, the disc contains codes that relate to the services the individuals received, Hutton said.

Read more in the Times Union.

Although encryption usually provides safe harbor, I’m not sure how the possibility that the password may be written on the disc factors in here. It seems that the strongest argument for not needing to notify is that there are no diagnostic codes. CPT codes for speech therapy, occupational therapy, etc., don’t really reveal that much information. Even so, my preference would be to notify people.



“Well gosh, we didn't know it was Cloud Computing. We didn't know the data was in another country. We just knew it was cool!”

http://www.phiprivacy.net/?p=2452

How Apple and Opera Mini just exposed your Medical Records to the world

By Dissent, April 17, 2010 10:14 am

Jared Houck dropped me a note to point me to this article he wrote pointing out a potential security risk when using Apple and Opera Mini:

…. We’re quite sure that the iPhone and iPad see some use in the health care trenches. So, we’re gonna go out on a limb here to suggest that many of those same medical professionals have downloaded the Opera Mini app and used it to check out your medical record. So…what’s the problem here?

The Opera Mini Browser displays web pages quickly by using data compression on Opera’s servers in Norway. Each web page you visit (yes, even those with encryption) is decrypted, compressed, and recompiled into Opera’s proprietary markup language. The information is then re-encrypted and forwarded back to you. While the to-and-fro connection to Opera’s servers is encrypted, the technical mumbo jumbo in the middle is not. Essentially, Opera can see/cache/log everything you do while using the Opera Mini Browser app – including every single medical record viewed through the Opera Mini app on an iPhone or iPad since Tuesday. And to the best of my abilities to understand the data encryption requirements from the Health Insurance Portability and Accountability Act (HIPAA), this is tiptoeing into some pretty dangerous waters.

Read more on Healthcare IT Squad.



“Sign up and we notify you when new coupons are posted!”

http://yro.slashdot.org/story/10/04/17/1540231/Web-Coupons-Tell-Stores-More-Than-You-Realize?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Web Coupons Tell Stores More Than You Realize

Posted by Soulskill on Saturday April 17, @01:40PM

Hugh Pickens writes

"The NY Times reports that a new breed of coupon, printed from the Internet or sent to mobile phones, looks standard, but their bar codes can be loaded with a startling amount of data, including identification about the customer, Internet address, Facebook page information, and even the search terms the customer used to find the coupon in the first place. The coupons can, in some cases, be tracked not just to an anonymous shopper but to an identifiable person: a retailer could know that Amy Smith printed a 15-percent-off coupon after searching for appliance discounts at Ebates.com on Friday at 1:30 pm and redeemed it later that afternoon at the store. Using coupons also lets the retailers get around Google hurdles. Google allows its search advertisers to see reports on which keywords are working well as a whole but not on how each person is responding to each slogan. That alarms some privacy advocates. Companies can 'offer you, perhaps, less desirable products than they offer me, or offer you the same product as they offer me but at a higher price,' said Ed Mierzwinski, consumer program director for the United States Public Interest Research Group, which has asked the Federal Trade Commission for tighter rules on online advertising. 'There really have been no rules set up for this ecosystem.'"



Was it ever about the customers?

http://tech.slashdot.org/story/10/04/17/134231/Comcast-Customers-Urged-To-Opt-Out-of-Settlement?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Comcast Customers Urged To Opt-Out of Settlement

Posted by Soulskill on Saturday April 17, @10:36AM

funchords writes

"As a settlement to the class-action lawsuits over Comcast's blocking of users' Internet traffic, Comcast stands to pay 'up to' $16.00 to every subscriber who makes a claim at their settlement website and declares, under penalty of perjury, that their online activity was for a lawful purpose consistent with applicable copyright and other laws. Robb Topolski, the veteran networking engineer who kicked off the case when he discovered the blocking back in 2007, says that the proposed settlement doesn't make sense, especially after the US Court of Appeals for the District of Columbia Circuit ruled this month that the US Federal Communications Commission didn't have the authority to enforce its Net neutrality principles on Comcast. 'You paid about $50 a month for the service, and the amount that Comcast stands to return is up to about 50c per month for each month that it blocked traffic,' he wrote. 'If that tiny amount of money is compensation, then there is no penalty to Comcast for interfering with its customers, for failing to disclose it, for repeatedly lying about it, and for taking so long to stop it.' The Associated Press and the Electronic Frontier Foundation, in late 2007, each independently confirmed Topolski's reports that Comcast was blocking BitTorrent and some other traffic without telling its customers. Comcast first denied interfering with traffic, then finally said it throttled some applications only during times of peak congestion. However, studies from the Max Planck Institute for Software Systems in Germany eventually proved that Comcast slowed BitTorrent traffic around the clock."



For my website class

http://sixrevisions.com/tools/the-top-15-google-products-for-people-who-build-websites/

The Top 15 Google Products for People Who Build Websites
