Monday, October 17, 2011


Now this is truly scary...
By Dissent, October 17, 2011
Pamela Lewis Dolan reports:
One-third of health care organizations, including physician practices, insurers and pharmacies, have reported catching a patient using the identity of someone else to obtain services, according to a report from the professional services firm PwC.
[...]
Medical identity theft is still a small percentage of the total amount of identity theft that occurs, but it’s the fastest-growing segment, said Jim Koenig, director and leader of PwC’s identity theft practice.
Read more on American Medical News.
[From the article:
The report, "Old Data Learns New Tricks," by PwC's Health Research Institute, said the problem -- and consequences -- of medical identity theft could get worse as electronic sharing of patient data increases. Physicians unwittingly could end up using information obtained during a visit with an identity thief in deciding how to treat a patient, for example.


Excellent summary. It takes much less effort and expense to check that these controls are in place than to deal with a security breach that didn't bother with them.
By Dissent, October 16, 2011
Tony Kennedy and Maura Lerner report on the aftermath of a contractor breach that affected patients at Fairview and North Memorial hospitals in Minnesota. For those who may not recall the Accretive breach, the reporters provide a summary:
On the night of July 28, according to police reports, a consultant named Matthew Doyle, who worked for Accretive Health Inc., left a Dell laptop in the back seat of a rental car parked in the Seven Corners bar and restaurant district in Minneapolis. When he returned after 10 p.m., the back window was smashed and the computer was missing.
The laptop contained information on 14,000 Fairview patients and 2,800 North Memorial patients, potentially exposing them to identity theft or other harm.
The bulk of the news story deals with Accretive Health’s failure to encrypt and adequately secure the data, noting that nationwide, there are about three reports per month of stolen laptops with unencrypted patient data. I think that estimate is way too low and that we’re only finding out about an average of three per month but there are likely many more.
But what have the Minnesota hospitals learned from the breach and how has it affected their relationship with Accretive?
Lois Dahl, Fairview’s information privacy director, said the mistake has taught the hospital to verify, not just trust, that its contractors are living up to privacy obligations.
Fairview also is considering dropping Social Security numbers from records shared with outside business partners, Dahl said. The hospital also wants to tighten practices to ensure it is not giving vendors more patient information than necessary, she said.
Bingo! It’s a shame it took this breach for them to learn those lessons, but if they’ve learned them now, I’m glad for that.
For its part, Accretive has started daily audits [I assume this is an automated audit – software checking that encryption programs are installed and active? Bob] to ensure encryption on all devices carrying patient information, Kazarian said. The company also has “reaffirmed” rules for keeping laptops secure, he said.
And what are their rules? It would be nice to know what they are instructing employees – other than not to leave a laptop in the back seat of a car in a bar parking lot.
Harley Geiger of the Center for Democracy and Technology (CDT) described the breach as “failure of diligence,” and I concur. But it’s not just the contractor’s diligence. As the hospital now realizes, covered entities need to verify that contractors are living up to the terms of any contract in terms of protecting the privacy and security of patient data.
Yesterday, in another sector, we saw how the SEC discovered that a contractor had shared data with unapproved and un-vetted subcontractors. SEC notified its employees of the breach, but the impressive part is that they audited and verified what was happening to data they had shared with the contractor. More HIPAA-covered entities would benefit from the “trust but verify” approach. It’s just not enough to have clauses in a contract and when covered entities are themselves audited, I hope they are asked to indicate how often and how they verify that business associates are adhering to the security and privacy protections in their contract.
“This was not the result of some sophisticated attack,” Geiger said.
No, indeed. And I am hard-pressed to think of any sophisticated attacks on patient data that we have seen. Most of them seem to be reasonably low-level attacks that could have been fairly easily prevented. Besides, why knock yourself out attacking networks when there is so much low-hanging fruit just lying around for the taking?


On one hand, this is done with fingerprints to avoid crime scene confusion. On the other hand, this make the cops feel like the second class citizens they serve and protect.
Police cite privacy concerns over their own DNA
October 16, 2011 by Dissent
Dave Collins of Associated Press reports:
When police in southern Louisiana were investigating the deaths of eight women in 2009, the sophistication of the crimes set off rumors that the serial killer was a police officer — speculation that became so pervasive that officials ordered DNA testing of law enforcement personnel to rule it out.
All local officers agreed to the testing and were eliminated as suspects, but the killer remains at large, said Jefferson Davis Parish Sheriff Ricky Edwards.
Having officers’ DNA samples on file is important for saving time in investigations and fending off doubt about evidence at trials because it allows authorities to identify unknown genetic material found at crime scenes, Edwards and other police and crime lab officials say.
Police in other parts of the country, however, are not as willing to hand over their DNA. Rank-and-file police from Connecticut to Chicago to Los Angeles have opposed what some experts say is a slowly emerging trend in the U.S. to collect officers’ DNA
Read more on SacBee.
Wow is this a slippery slope. If you collect DNA from police as a pre-condition of employment, and their DNA goes into a national database, what happens when the individual retires or quits the force? And what if a DNA search of the database reveals that a police officer is likely related to an unknown/as-yet-unidentified suspect?
I have long opposed the expanding collection of DNA from those who are not convicted of crimes. Collecting DNA for employment is equally – or even more – problematic, and I support the officers’ unions who are fighting this.


This is interesting (and not just because I didn't know Pirates had a Top Ten list) because I don't think any of these movies are interesting enough to borrow from the local library. Are they just easy to find online?


Keeping up. Perhaps Amazon could provide me with a market? “Centennial-Man: the book”
Amazon Signs Up Authors, Writing Publishers Out of Deal
Amazon.com has taught readers that they do not need bookstores. Now it is encouraging writers to cast aside their publishers.
… “The only really necessary people in the publishing process now are the writer and reader,” he said. “Everyone who stands between those two has both risk and opportunity.”


Keeping up. Monetizing “Free” Did you like that viral video? Buy the T-shirt!
YouTube Now Allows Music Partners To Sell Merchandise, Digital Downloads And Event Tickets
We already know that YouTube is seeing 3 billion videos viewed per day day, but now the online video giant is now seeing a whopping 800 million people per month visiting the site, Google revealed in its third-quarter earnings report last week. And today, YouTube is also announcing the ability to sell merchandise, tickets and more via the site.
Through a feature called the Merch Store, YouTube partners will be able to sell artist merchandise, digital downloads, concert tickets and other experiences to fans and visitors. YouTube has partnered with a number of companies to launch these stores. Topspin is helping power merchandise sales, concert tickets and experiences; SongKick will help sell tickets for concerts; and iTunes and Amazon will power transactions for music downloads.

(Related) Interesting incentives for the music publishers... Something Apple and Amazon can't offer?
Google to launch cloud-connected music store?
With more than a healthy presence in major technology markets such as online search and computer operating software, it would appear Google is now angling to steal the limelight where online multimedia distribution is concerned.
That’s according to a report in the New York Times that claims the California-based titan plans to launch a cloud-connected music store capable of rivaling those of both Apple and Amazon.
… Some of the copyright protection tools enforced by said plan would see Google filtering piracy-related terms from search results and responding to publisher takedown notices within a period of 24 hours.


Might have value in any meeting. “Are we all on the same page?” Find out immediately, before everyone runs off and does their own thing...
An educational platform that aims to leverage the kind of technology which is actively available on classrooms nowadays, Socrative empowers teachers to engage their students with educational activities on laptops, smartphones and tablets. These include exercises, quizzes and games, and teachers are enabled to correct and grade everything instantly. And then, to provide their students with timely feedback. All of the Socrative apps can be set up in minutes, and they load in seconds.
When it comes to multiple choice, true/false and short answer questions, the responses of students are represented visually. And as far as pre-planned activities go, teachers can view reports online as a Google spreadsheet, or as an Excel file that's been sent via e-mail.
Socrative, then, allows teachers to assess their students and improve learning over time. A service like this one was long overdue - although laptops and tablets have become available within classrooms settings, they haven't really been put to the best possible uses yet. The right apps just weren't there. But now that companies like Socrative are delivering them, we might as well be on the verge of witnessing some really groundbreaking educational developments.

No comments: