Thursday, January 03, 2013
“It's not like it's a Presidential election, this is important!” But the problems are very similar...
E-Voting Snafu Pushes Back Oscar Nomination Deadline
This year, Oscar voters are getting a deadline extension, giving members an extra day to vote on the nominees for this year’s Academy Awards after technical issues plagued the first attempt by The Academy of Motion Picture Arts and Sciences to allow online voting.
… In a recent Hollywood Reporter analysis, many Academy voters complained of issues with logging in to the voting site — something an Academy representative attributed to voters “forgetting or misusing passwords” – difficulty navigating the site once they were logged in, and even the potential for hackers to infiltrate the website and influence the vote.
“They should have had more lead time than, ‘Here you go; this is what we are expecting now,’” one Academy voter told THR. “We’re talking about many elderly people who are not that computer literate. They might think that it’s simple, but the simplest thing isn’t simple to many people... There will probably be a large percentage of people who will just say, ‘Screw it’ and not even vote this year.”
Is it better to come right out and admit, “We have no clue what was on that laptop” or is it better to say, “The breach was limited to only 200 patients...” “Oh yeah, these 300 were impacted too...” “And we have discovered a few hundred more...”
By Dissent, January 2, 2013 5:29 pm
When an electronic device with unencrypted patient information was stolen from the unattended vehicle of an Omnicell employee, the University of Michigan Health System notified 3,997 of their patients, but there were other hospitals that were not named at the time.
Thanks to WVEC, we now know 56,000 Sentara Healthcare patients treated between Oct. 18 and Nov. 9 at seven Sentara hospitals and three outpatient care centers in Hampton Roads, Virginia were also impacted by the theft. Sentara posted a notice on their web site that says, in part:
Omnicell’s investigation concluded that the device may have contained clinical and demographic information about Sentara patients, including patient name, birth date, patient number and medical record number. Additionally, one or more of the following clinical information may have been involved:
Gender; allergies; admission date and/or discharge date; physician name; patient type (i.e., inpatient, emergency department or outpatient); site and area of the hospital (e.g., specific inpatient or outpatient unit/area); room number; medication name; and medication dose amount and rate, route (e.g., oral, infusion, etc.), frequency, administration instructions, and start time and/or stop time.
Patient medical records were not on the device, [See previous paragraph. Bob] and patient medical information has not been lost. Also, no financial, bank account information, Social Security number, or insurance information pertaining to any Sentara patient was on the device.
The incident affected only certain patients treated between October 18, 2012 and November 9, 2012 at Sentara CarePlex, Sentara Leigh Hospital, Sentara Norfolk General Hospital, Sentara Obici Hospital, Sentara Princess Anne Hospital, Sentara Virginia Beach General Hospital, Sentara Williamsburg Regional Medical Center, Sentara BelleHarbour, Sentara Independence, and Sentara Port Warwick.
(Related) “And we forgot a few other states...”
By Dissent, January 2, 2013 8:09 pm
And yet another organization — South Jersey Healthcare — has come forward to say that their patients were affected by the Omnicell breach discussed previously on this blog. According to The Daily Journal, 8,555 of their patients were affected.
Interestingly, The Daily Journal describes the device as a laptop. All other coverage has been silent as to the type of electronic device. I wonder if that’s an assumption on their part or they got a statement from someone identifying the device as a laptop. I’ve emailed the reporter to ask.
Now if someone will actually read them...
By Dissent, January 2, 2013 3:01 pm
The current issue of the Journal of the American Medical Informatics Association is devoted to patient privacy and data sharing. Some of the articles are freely available in full text.
You can find the table of contents here.
By Dissent, January 2, 2013 2:45 pm
I was hoping we’d get more information about this settlement and now HHS has provided it. As I had suspected, the Hospice of North Idaho breach affected fewer than 500 patients. And as a commenter suggested, the fine was because they had no risk analysis nor policies for mobile device security. From HHS’s press release:
The Hospice of North Idaho (HONI) has agreed to pay the U.S. Department of Health and Human Services’ (HHS) $50,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. This is the first settlement involving a breach of unprotected electronic protected health information (ePHI) affecting fewer than 500 individuals.
The HHS Office for Civil Rights (OCR) began its investigation after HONI reported to HHS that an unencrypted laptop computer containing the electronic protected health information (ePHI) of 441 patients had been stolen in June 2010. Laptops containing ePHI are regularly used by the organization as part of their field work. Over the course of the investigation, OCR discovered that HONI had not conducted a risk analysis to safeguard ePHI. Further, HONI did not have in place policies or procedures to address mobile device security as required by the HIPAA Security Rule. Since the June 2010 theft, HONI has taken extensive additional steps to improve their HIPAA Privacy and Security compliance program.
“This action sends a strong message to the health care industry that, regardless of size, covered entities must take action and will be held accountable for safeguarding their patients’ health information.” said OCR Director Leon Rodriguez. “Encryption is an easy method for making lost information unusable, unreadable and undecipherable.”
The Health Information Technology for Economic and Clinical Health (HITECH) Breach Notification Rule requires covered entities to report an impermissible use or disclosure of protected health information, or a “breach,” of 500 individuals or more to the Secretary of HHS and the media within 60 days after the discovery of the breach. Smaller breaches affecting less than 500 individuals must be reported to the Secretary on an annual basis.
A new educational initiative, Mobile Devices: Know the RISKS. Take the STEPS. PROTECT and SECURE Health Information, has been launched by OCR and the HHS Office of the National Coordinator for Health Information Technology (ONC) that offers health care providers and organizations practical tips on ways to protect their patients’ health information when using mobile devices such as laptops, tablets, and smartphones. For more information, visit www.HealthIT.gov/mobiledevices.
The Resolution Agreement can be found on the OCR website at http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/honi-agreement.pdf
The settlement puts HONI under monitoring for two years and requires a prompt notification (within 30 days) to OCR in the event of any reportable incidents.
A sad commentary... Perhaps they could publish the names and addresses of the “mentally challenged” people who made the threats?
"Not long ago we ran a story about how a NY newspaper published lists of gun owners. Now, it seems the same newspaper has hired armed guards in response to unspecified threats to the editor, amid 'large volumes of negative response.' From the article: 'The editor, Caryn McBride, told police the newspaper hired a private security company whose "employees are armed and will be on site during business hours," [At home, after working hours, you might feel safer if you have a gun... Bob] the report said. The guards are protecting the newspaper's staff and Rockland County offices in West Nyack, New York.'"
Which came first, the legal strategy or the military (political?) strategy?
‘Alice in Wonderland’ Ruling Lets Feds Keep Mum on Targeted-Killing Legal Rationale
The President Barack Obama administration does not have to disclose the legal basis for its drone targeted killing program of Americans, according to a Wednesday decision a judge likened to “Alice in Wonderland”.
U.S. District Court Judge Colleen McMahon of New York, ruling in lawsuits brought by the American Civil Liberties Union and The New York Times, said she was caught in a “paradoxical situation” (.pdf) of allowing the administration to claim it was legal to kill enemies outside traditional combat zones while keeping the legal rationale secret.
… The authorities have conceded, however, that a Justice Department Office of Legal Counsel opinion addresses the issue, but maintain that it does not have to be made public. “It is beyond the power of this court to conclude that a document has been improperly classified,” the judge wrote.
Politico’s Josh Gerstein, who first reported the opinion, notes that such a statement by the judge is false, and that in “very rare cases” judges “have done so.”
Interesting... Similar to charging a gun manufacturer with murder?
Write Gambling Software, Go to Prison
In a criminal case sure to make programmers nervous, a software maker who licenses a program used by online casinos and bookmakers overseas is being charged with promoting gambling in New York because authorities say his software was used by others for illegal betting in that state.
… But Stuart, who has been charged along with his wife and brother-in-law with one felony count for promoting gambling in New York through their software firm, says that his company sells the software only to entities outside the U.S. and that he’s not aware of anyone using it in the U.S. or using it to take illegal bets in the U.S. He also says the software doesn’t place bets, it simply provides online gambling sites with the infrastructure to select and display which sporting events they want to offer for betting and also stores the bets.
Stupid Copyright tricks?
"Eriq Gardner writes that Warner Brothers is suing California resident Mark Towle, a specialist in customizing replicas of automobiles featured in films and TV shows, for selling replicas of automobiles from the 1960s ABC series Batman by arguing that copyright protection extends to the overall look and feel of the Batmobile. The case hinges on what exactly is a Batmobile — an automobile or a piece of intellectual property? Warner attorney J. Andrew Coombs argues in legal papers that the Batmobile incorporates trademarks with distinctive secondary meaning and that by selling an unauthorized replica, Towle is likely to confuse consumers about whether the cars are DC products or not. Towle's attorney Larry Zerner argues that automobiles aren't copyrightable. 'It is black letter law that useful articles, such as automobiles, do not qualify as "sculptural works" and are thus not eligible for copyright protection,' writes Zerner, adding that a decision to affirm copyright elements of automotive design features could be exploited by automobile manufacturers. 'The implications of a ruling upholding this standard are easy to imagine. Ford, Toyota, Ferrari and Honda would start publishing comic books, so that they could protect what, up until now, was unprotectable.'"
"Do you like to tweet or share links to interesting news articles? According to a coalition of Irish newspapers, that makes you a pirate. The National Newspapers of Ireland has adopted a new policy. Any website which links to one of the 15 NNI member newspapers will have to pay a minimum of 300 Euros, with the license fee going up if you post more links. Note that this is not a fee to post an excerpt or some punitive measure for the copying of an entire article. No, the NNI wants to charge for links alone. It's almost as if this organization has no idea how the web works. Or maybe they have found an elaborate way to commit suicide."
"A new patent troll is in town, this time targeting the users of technology, rather than the creators. They appear to hold a process patent for 'scanning a document and then emailing it.' They are targeting small businesses in a variety of locations and usually want somewhere between $900 to $1200 per employee for 'infringement' of their patent. As with most patent trolls, they go by a number of shell companies, but the original company name appears to be Project Paperless LLC. Joel Spolsky said in a tweet that 'This is organized crime, plain and simple...' I tend to agree with him. When will something be done about this legal mafia?"
Apple most likely sighed a huge sigh of relief when they found out that Installous, the popular jailbroken pirating app for iOS, shut down a couple days ago. However, it looks like there’s another threat to replace Installous. A new hack allows users to bypass Apple DRM and install pirated apps without the need to jailbreak.
Zeusmos and Kuaiyong are two alternatives to Installous, and both have been gaining significance since the exit of Installous. The former has been around for a few months now, while the latter has appeared almost from nowhere over the past couple of weeks. Both of these services offer simple, one-tap installs of pirated apps and don’t require that devices be jailbroken.
For my Statistics class. Remember, the Colts released Peyton Manning because (statistically) he was over the hill. New Statistical Axiom: Never bet against Peyton Manning.
"Can data-analytics software win a Super Bowl? That's what the Buffalo Bills are betting on: the NFL team will create an analytics department to crunch player data, building on a model already well established in professional baseball and basketball. 'We are going to create and establish a very robust football analytics operation that we layer into our entire operation moving forward,' Buffalo Bills president Russ Brandon recently told The Buffalo News. 'That's something that's very important to me and the future of the franchise.' The increased use of analytics in other sports, he added, led him to make the decision: 'We've seen it in the NBA. We've seen it more in baseball. It's starting to spruce its head a little bit in football, and I feel we're missing the target if we don't invest in that area of our operation, and we will.'"
An introduction to Arbitrage (and the stupidity of the “We gotta do something!” crowd) Go to your favorite online site, download some free games, burn a few thousand CDs and buy the dang waterpark!
It would appear that the folks in Southington, Connecticut are looking to terminate the enemy with extreme prejudice – the enemy being violent media of all shapes and sizes. The group hosting the event by the name of “Violent Video Games Return Program” will be allowing in all manner of violent media with a promise that they’ll get a $25 “certificate” for every unit they turn in from the local Chamber of Commerce. One thing they’ll be sure to have victory on is a massive pile of old games and movies, that’s for sure – how empty their pocketbooks will be at the end of this may be a different story.
… The event will be held at the local drive-in movie theater on the 12th of January and will include “a $25 gift voucher intended to be used for other forms of entertainment, like perhaps, a local water park.”
Might be amusing (in a geeky way)
Last year a group of UK teachers started working on a Creative Commons licensed teaching manual for the Raspberry Pi. That work has produced the Raspberry Pi Education Manual which is available at the Pi Store or here as a PDF. From Raspberry Pi: "The manual is released under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 unported licence, which is a complicated way of saying that it’s free for you to download, copy, adapt and use – you just can’t sell it. You’ll find chapters here on Scratch, Python, interfacing, and the command line. There’s a group at Oracle which is currently working with us on a faster Java virtual machine (JVM) for the Pi, and once that work’s done, chapters on Greenfoot and Geogebra will also be made available – we hope that’ll be very soon."
Who uses this?
Whether you’re a free Flickr user or a pro account holder, you are entitled to receive a gift from Flickr – the gift of a pro account for three months! But, hurry as the promotion ends on January 4th.
All you need to do to activate your free gift from Flickr is to log in to your Flickr account via a mobile application or the desktop. Mobile users will automatically receive the gift with no action required. If you use the desktop, a banner will show you the offer of three months for free and all you need to do is accept the deal. It really couldn’t be easier!
For all my students...
A growing number of colleges are providing graduating students tools to improve their online image. The services arrange for positive results on search engine inquiries by pushing your party pictures, and other snapshots of your lapsed judgement off the first page. Syracuse, Rochester and Johns Hopkins are among the schools that are offering such services free of charge. From the article: "Samantha Grossman wasn't always thrilled with the impression that emerged when people Googled her name. 'It wasn't anything too horrible,' she said. 'I just have a common name. There would be pictures, college partying pictures, that weren't of me, things I wouldn't want associated with me.' So before she graduated from Syracuse University last spring, the school provided her with a tool that allowed her to put her best Web foot forward. Now when people Google her, they go straight to a positive image — professional photo, cum laude degree and credentials — that she credits with helping her land a digital advertising job in New York."
… Many people often think that the “Internet stuff” is just for technology careers and young people, but it’s not. There are many cases where having a solid online presence has proven beneficial to people of all ages and industries.
Don’t Share Anything You Don’t Want EVERYONE To See
Be Open & Share Your Interests, Skills & Passions
Create a Personal Website &/Or Blog
Find Your Niche In The Social Media Community
Blogging & Guest Blogging
Communicate With Your Followers & Those You Follow