“It's not like it's a Presidential
election, this is important!” But the problems are very similar...
E-Voting Snafu Pushes Back Oscar Nomination Deadline
This year, Oscar voters are getting a
deadline extension, giving members an
extra day to vote on the nominees for this year’s Academy
Awards after technical issues plagued the first attempt by The
Academy of Motion Picture Arts and Sciences to allow online voting.
… In a recent Hollywood
Reporter analysis, many Academy voters complained of issues
with logging in to the voting site — something an Academy
representative attributed to voters “forgetting or misusing
passwords” – difficulty navigating the site once they were logged
in, and even the potential for hackers to infiltrate the website and
influence the vote.
“They should have had more lead time
than, ‘Here you go; this is what we are expecting now,’” one
Academy voter told THR. “We’re talking about many
elderly people who are not that computer literate. They might think
that it’s simple, but the simplest thing isn’t simple to many
people... There will probably be a large percentage of people who
will just say, ‘Screw it’ and not even vote this year.”
Is it better to come right out and
admit, “We have no clue what was on that laptop” or is it better
to say, “The breach was limited to only 200 patients...” “Oh
yeah, these 300 were impacted too...” “And we have discovered a
few hundred more...”
By Dissent,
January 2, 2013 5:29 pm
When an electronic device with unencrypted patient information was
stolen from the unattended vehicle of an Omnicell employee, the
University of Michigan Health System notified 3,997 of their patients,
but there were other hospitals that were not named at the time.
Thanks to WVEC,
we now know 56,000 Sentara
Healthcare patients treated between Oct. 18 and Nov. 9 at
seven Sentara hospitals and three outpatient care centers in Hampton
Roads, Virginia were also impacted by the theft. Sentara posted a
notice
on their web site that says, in part:
Omnicell’s
investigation concluded that the device may have contained clinical
and demographic information about Sentara patients, including patient
name, birth date, patient number and medical record number.
Additionally, one or more of the following clinical information may
have been involved:
Gender; allergies;
admission date and/or discharge date; physician name; patient type
(i.e., inpatient, emergency department or outpatient); site and area
of the hospital (e.g., specific inpatient or outpatient unit/area);
room number; medication name; and medication dose amount and
rate, route (e.g., oral, infusion, etc.), frequency, administration
instructions, and start time and/or stop time.
Patient
medical records were not on the device, [See previous paragraph Bob]
and patient medical information has not been lost. Also, no
financial, bank account information, Social Security number, or
insurance information pertaining to any Sentara patient was on the
device.
The incident affected only certain patients treated between October
18, 2012 and November 9, 2012 at Sentara CarePlex, Sentara Leigh
Hospital, Sentara Norfolk General Hospital, Sentara Obici Hospital,
Sentara Princess Anne Hospital, Sentara Virginia Beach General
Hospital, Sentara Williamsburg Regional Medical Center, Sentara
BelleHarbour, Sentara Independence, and Sentara Port Warwick.
(Related) “And we forgot a few other
states...”
By Dissent,
January 2, 2013 8:09 pm
And yet another organization — South
Jersey Healthcare — has come forward to say that their
patients were affected by the Omnicell breach
discussed previously on this blog. According to The
Daily Journal, 8,555 of their patients
were affected.
Interestingly, The Daily Journal
describes the device as a laptop. All other coverage has been silent
as to the type of electronic device. I wonder if that’s an
assumption on their part or they got a statement from someone
identifying the device as a laptop. I’ve emailed the reporter to
ask.
Now if someone will actually read
them...
By Dissent,
January 2, 2013 3:01 pm
The current issue of the Journal of
the American Medical Informatics Association is devoted to
patient privacy and data sharing. Some of the articles are freely
available in full text.
You can find the table of contents
here.
Some details...
By Dissent,
January 2, 2013 2:45 pm
I was hoping we’d get more
information about this settlement and now HHS has provided it. As I
had suspected, the Hospice
of North Idaho breach affected fewer than 500 patients. And as
a commenter suggested, the fine was because they
had no risk analysis nor policies for mobile device security.
From HHS’s press
release:
The Hospice of
North Idaho (HONI) has agreed to pay the U.S. Department of Health
and Human Services’ (HHS) $50,000 to
settle potential violations of the Health Insurance Portability and
Accountability Act of 1996 (HIPAA) Security Rule. This
is the first settlement involving a breach of unprotected electronic
protected health information (ePHI) affecting fewer than 500
individuals.
The HHS Office for
Civil Rights (OCR) began its investigation after HONI reported to HHS
that an unencrypted laptop computer
containing the electronic protected health information (ePHI) of 441
patients had been stolen in June 2010. Laptops containing ePHI are
regularly used by the organization as part of their field work. Over
the course of the investigation, OCR discovered that HONI had not
conducted a risk analysis to safeguard ePHI. Further, HONI did not
have in place policies or procedures to address mobile device
security as required by the HIPAA Security Rule. Since the June 2010
theft, HONI has taken extensive additional steps to improve their
HIPAA Privacy and Security compliance program.
“This action
sends a strong message to the health care industry that, regardless
of size, covered entities must take action and will be held
accountable for safeguarding their patients’ health information.”
said OCR Director Leon Rodriguez. “Encryption is
an easy method for making lost information unusable, unreadable and
undecipherable.”
The Health
Information Technology for Economic and Clinical Health (HITECH)
Breach Notification Rule requires covered entities to report an
impermissible use or disclosure of protected health information, or a
“breach,” of 500 individuals or more to the Secretary of HHS and
the media within 60 days after the discovery of the breach. Smaller
breaches affecting less than 500 individuals must be reported to the
Secretary on an annual basis.
A new educational
initiative, Mobile Devices: Know the RISKS. Take the STEPS.
PROTECT and SECURE Health Information, has been launched by
OCR and the HHS Office of the National Coordinator for Health
Information Technology (ONC) that offers health care providers and
organizations practical tips on ways to protect their patients’
health information when using mobile devices such as laptops,
tablets, and smartphones. For more information, visit
www.HealthIT.gov/mobiledevices.
The Resolution
Agreement can be found on the OCR website at
http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/honi-agreement.pdf
The settlement puts HONI under
monitoring for two years and requires a
prompt notification (within 30 days) to OCR in the event of any
reportable incidents.
A sad commentary... Perhaps they could
publish the names and addresses of the “mentally challenged”
people who made the threats?
"Not long ago we ran
a story about how a NY newspaper published lists of gun owners.
Now, it seems the same newspaper has hired
armed guards in response to unspecified threats to the editor,
amid 'large volumes of negative response.' From the article: 'The
editor, Caryn McBride, told police the newspaper hired a private
security company whose "employees are armed and will be on
site during business hours," [At
home, after working hours, you might feel safer if you have a gun...
Bob] the report said. The guards are
protecting the newspaper's staff and Rockland County offices in West
Nyack, New York.'"
Which came first, the legal strategy or
the military (political?) strategy?
‘Alice in Wonderland’ Ruling Lets Feds Keep Mum on Targeted-Killing Legal Rationale
The President Barack Obama
administration does not have to disclose the legal basis for its
drone targeted killing program of Americans, according to a Wednesday
decision a judge likened to “Alice in Wonderland”.
U.S. District Court Judge Colleen
McMahon of New York, ruling in lawsuits brought by the American Civil
Liberties Union and The New York Times, said she was caught
in a “paradoxical
situation” (.pdf) of allowing the administration to claim it
was legal to kill enemies outside traditional combat zones while
keeping the legal rationale secret.
… The authorities have conceded,
however, that a Justice Department Office of Legal Counsel opinion
addresses the issue, but maintain that it does not have to be made
public. “It is beyond the power of this court to conclude that a
document has been improperly classified,” the judge wrote.
Politico’s Josh Gerstein, who first
reported the opinion, notes that such a statement by the judge is
false, and that in “very rare cases” judges “have
done so.”
Interesting... Similar to charging a
gun manufacturer with murder?
Write Gambling Software, Go to Prison
In a criminal case sure to make
programmers nervous, a software maker who licenses a program used by
online casinos and bookmakers overseas is being charged with
promoting gambling in New York because authorities say his software
was used by others for illegal betting in that state.
… But Stuart, who has been charged
along with his wife and brother-in-law with one felony count for
promoting gambling in New York through their software firm, says that
his company sells the software only to entities outside the U.S. and
that he’s not aware of anyone using it in the U.S. or using it to
take illegal bets in the U.S. He also says the software doesn’t
place bets, it simply provides online gambling sites with the
infrastructure to select and display which sporting events they want
to offer for betting and also stores the bets.
Stupid Copyright tricks?
"Eriq Gardner writes that
Warner Brothers is suing California resident Mark Towle, a specialist
in customizing replicas of automobiles featured in films and TV
shows, for selling
replicas of automobiles from the 1960s ABC series Batman by
arguing that copyright protection extends to the overall look and
feel of the Batmobile. The case hinges on what exactly is a
Batmobile — an automobile or a piece of intellectual property?
Warner attorney J. Andrew Coombs argues in legal papers that the
Batmobile incorporates trademarks with distinctive secondary meaning
and that by selling an unauthorized replica, Towle is likely
to confuse consumers about whether the cars are DC products or not.
Towle's attorney Larry Zerner, argues that automobiles aren't
copyrightable. 'It is black letter law that useful articles, such as
automobiles, do not qualify as "sculptural works" and are
thus not eligible for copyright protection,' writes Zerner adding
that a decision to affirm copyright elements of automotive design
features could be exploited by automobile manufacturers. 'The
implications of a ruling upholding this standard are easy to imagine.
Ford,
Toyota, Ferrari and Honda would start publishing comic books, so
that they could protect what, up until now, was unprotectable.'"
(Related)
"Do you like to tweet or share
links to interesting news articles? According to a coalition of
Irish newspapers, that
makes you a pirate. The National Newspapers of Ireland has
adopted a new policy. Any website which links to one of the 15 NNI
member newspapers will
have to pay a minimum of 300 Euros, with the license fee going up
if you post more links. Note that this is not a fee to post an
excerpt or some punitive measure for the copying of an entire
article. No, the NNI wants to charge for links alone. It's almost
as if this organization has no idea how the web works. Or maybe they
have found an elaborate way to commit suicide."
(Related)
"A new patent troll is in town,
this time targeting the users of technology, rather than the
creators. They appear to hold a
process patent for 'scanning a document and then emailing it.'
They are targeting small businesses in a variety of locations and
usually want somewhere between $900 to $1200 per employee for
'infringement' of their patent. As with most patent trolls, they go
by a number of shell companies, but the original company name appears
to be Project Paperless LLC. Joel Spolsky said in a tweet
that 'This is organized crime, plain and
simple...' I tend to agree with him. When will
something be done about this legal mafia?"
Interesting hack!
Apple most likely sighed a huge sigh of
relief when they found out that Installous, the popular jailbroken
pirating app for iOS, shut down a couple days ago. However, it looks
like there’s another threat to replace Installous. A new hack
allows users to bypass Apple DRM and install pirated apps without the
need to jailbreak.
Zeusmos and
Kuaiyong are two alternatives to Installous, and both have been
gaining significance since the exit of Installous. The former has
been around for a few months now, while the latter has appeared
almost from nowhere over the past couple of weeks. Both of these
services offer simple, one-tap installs of pirated apps and don’t
require that devices be jailbroken.
For my Statistics class. Remember, the
Colts released Peyton Manning because (statistically) he was over the
hill. New Statistical Axiom: Never bet against Peyton Manning.
"Can data-analytics software
win a Super Bowl? That's what the Buffalo Bills are betting on: the
NFL team will create
an analytics department to crunch player data, building on a
model already well established in professional baseball and
basketball. 'We are going to create and establish
a very robust football analytics operation that we layer into our
entire operation moving forward,' Buffalo Bills president Russ
Brandon recently told The Buffalo News. 'That's something that's
very important to me and the future of the franchise.' The increased
use of analytics in other sports, he added, led him to make the
decision: 'We've seen it in the NBA. We've seen it more in baseball.
It's starting to spruce its head a little bit in football, and I
feel we're missing the target if we don't invest in that area of our
operation, and we will.'"
An introduction to Arbitrage (and the
stupidity of the “We gotta do something!” crowd) Go to your
favorite online site, download some free games, burn a few thousand
CDs and buy the dang waterpark!
It would
appear that the folks in Southington, Connecticut are looking to
terminate the enemy with extreme prejudice – the enemy being
violent media of all shapes and sizes. The group hosting the event
by the name of “Violent Video Games Return Program” will be
allowing in all manner of violent media with a promise that they’ll
get a $25 “certificate” for every unit they turn in from the
local Chamber of Commerce. One thing they’ll be sure to have
victory on is a massive pile of old games and movies, that’s for
sure – how empty their pocketbooks will be at the end of this may
be a different story.
… The
event will be held at the local drive-in movie theater on the 12th of
January and will include “a $25 gift voucher intended to be used
for other forms of entertainment, like perhaps, a local water park.”
Might be amusing (in a geeky way)
Last year a group of UK teachers
started working on a
Creative Commons licensed teaching manual for the Raspberry Pi.
That work has produced the Raspberry Pi Education Manual
which is available at the Pi Store or here
as a PDF. From Raspberry Pi: "The manual is released under
a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 unported
licence, which is a complicated way of saying that it’s
free for you to download, copy, adapt and use – you just can’t
sell it. You’ll find chapters here on Scratch, Python,
interfacing, and the command line. There’s a group at Oracle which
is currently working with us on a faster Java virtual machine (JVM)
for the Pi, and once that work’s done, chapters on Greenfoot and
Geogebra will also be made available – we hope that’ll be very
soon."
Who uses this?
Whether you’re a free Flickr user or
a pro account holder, you are entitled to receive a gift from Flickr
– the gift of a pro account for three months! But, hurry as the
promotion ends on January 4th.
All you need to do to activate your
free gift from Flickr is to log in to your Flickr account via a
mobile application or the desktop. Mobile users will automatically
receive the gift with no action required. If you use the desktop, a
banner will show you the offer of three months for free and all you
need to do is accept the deal. It really couldn’t be easier!
For all my students...
A growing number of colleges are
providing graduating students tools
to improve their online image. The services arrange for positive
results on search engine inquiries by pushing your party pictures,
and other snapshots of your lapsed judgement off the first page.
Syracuse, Rochester and Johns Hopkins are among the schools that are
offering such services free of charge. From the article: "Samantha
Grossman wasn't always thrilled with the impression that emerged when
people Googled her name. 'It wasn't anything too horrible,' she
said. 'I just have a common name. There would be pictures, college
partying pictures, that weren't of me, things I wouldn't want
associated with me.' So before she graduated from Syracuse
University last spring, the school provided her with a tool that
allowed her to put her best Web foot forward. Now when people Google
her, they go straight to a positive image — professional photo, cum
laude degree and credentials — that she credits with helping her
land a digital advertising job in New York."
(Related)
… Many people often think that the
“Internet stuff” is just for technology careers and young people,
but it’s not. There are many cases where having a solid online
presence has proven beneficial to people of all ages and industries.
Don’t Share Anything You Don’t Want EVERYONE To See
Be Open & Share Your Interests, Skills & Passions
Create a Personal Website &/Or Blog
Find Your Niche In The Social Media Community
Blogging & Guest Blogging
Communicate With Your Followers & Those You Follow