http://www.phiprivacy.net/?p=1574
Healthcare Data Breaches Slow To Surface
By Dissent, December 3, 2009 8:31 am
Doug Pollack, Chief Marketing Officer for ID Experts, wrote the following article, questioning why we’re not yet seeing any reports of breaches affecting 500 or more posted to HHS’s website under the provisions of HITECH that went into effect September 23. Keeping in mind that not all breaches involving healthcare organizations involve unsecured protected health information, that it takes time to figure out a breach and report it, that HHS gave entities an “out” by inserting a “harm threshold” that Congress did not want or legislate, and that HHS may not have anyone dedicated to updating their web site, I’m not particularly surprised that we’re not seeing anything on HHS’s web site yet. But like Doug, I keep watching their site, too.
… I noticed that the Identity Theft Resource Center (ITRC) 2009 ITRC Breach Report, a terrific compendium of public information from numerous sources on data breach incidents, had captured numerous healthcare data breaches since the September 23rd effective date.
And of course there have been several very high profile healthcare data breaches recently including the Blue Cross Blue Shield Association breach that affected over 850,000 of their medical providers, as well as the recent Health Net data breach affecting over 1.5MM individuals.
So with great anticipation I visited the HHS website where there is a section on the Breach Notification Rule and clicked on the following link:
“View Breaches Affecting 500 or More Individuals. OCR must post a list of breaches that affect 500 or more individuals. View a list of these breaches.”
And surprisingly, there was nothing there.
Rant on, brother! See? It's not just me. (What kind of organization would deliberately reduce their security?)
http://news.cnet.com/8301-31114_3-10407961-258.html?part=rss&subj=news&tag=2547-1_3-0-20
Character limitations in passwords considered harmful
by Jonathan Eunice December 2, 2009 4:09 PM PST
For about the 4,000th time in the last five years, I tried to sign up for a new Web service, but it wouldn't accept my proposed password. Apparently, the site operators decided that passwords should contain only letters and numbers. Aarrrrgh! This isn't the first time I've seen this idiocy, and it won't be the last. But it should be.
Guidelines on how to construct a strong password almost uniformly recommend using a mixture of upper and lower case letters, numbers, and symbols. Tools for generating passwords (for example, strongpasswordgenerator.com) encourage the use of symbols. There's even a mathematical formula that precisely calibrates how much more unguessable symbols make a password. So why don't sites support symbols in passwords? It makes no sense.
… One good solution is using a password generator, such as PasswordMaker. Give it a Web site's URL, as well as a master password; it hands back a strong password such as Ga9i)t|Z that's unique to that site. A hundred different Web sites? No problem! A hundred different passwords, each of them very strong, yet the user has to remember just one (or for the very paranoid, a few) master passwords. For those using Firefox, there's even a plug-in; give it your master password once (per browsing session), and a single keypress automatically fills in the correct strong password whenever it's needed. It's not quite smart card or SecurID strong, but it's plenty strong for most uses, yet easy.
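An added example (not from the quoted article and not PasswordMaker's code): the usual entropy estimate for a uniformly random password, length × log2(alphabet size), next to a sketch of the master-password-plus-site derivation the article describes. The PBKDF2 construction, the iteration count and all function names are assumptions made for illustration.

```python
import hashlib
import math
import string

ALNUM = string.ascii_letters + string.digits   # 62 symbols: a letters-and-numbers-only site
FULL = ALNUM + string.punctuation              # 94 symbols: printable ASCII except space


def entropy_bits(length, charset):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(len(charset))


def length_to_match(length, charset, restricted):
    """Characters needed from `restricted` to equal `length` characters from `charset`."""
    return math.ceil(entropy_bits(length, charset) / math.log2(len(restricted)))


def site_password(master, site, length=12, charset=FULL, iterations=200_000):
    """Derive a repeatable per-site password from one master password.

    Assumed scheme for illustration: PBKDF2-HMAC-SHA256 with the site name as salt.
    """
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), site.lower().encode(),
                              iterations, dklen=64)
    n = int.from_bytes(raw, "big")   # 512 bits, so the modulo bias below is negligible
    out = []
    for _ in range(length):
        n, idx = divmod(n, len(charset))
        out.append(charset[idx])
    return "".join(out)


if __name__ == "__main__":
    master = "constructed master passphrase"   # sample value, constructed for this example
    for site in ("example.com", "example.org"):
        print(site, site_password(master, site), site_password(master, site, charset=ALNUM))
    print("8 chars, 94 symbols: %.1f bits" % entropy_bits(8, FULL))
    print("8 chars, 62 symbols: %.1f bits" % entropy_bits(8, ALNUM))
    print("alnum length matching 8 full-charset chars:", length_to_match(8, FULL, ALNUM))
```

Rejecting symbols costs an 8-character random password about 4.8 bits, which a generator can recover with one extra character as long as the site does not also cap the length.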
It's always wise to have a sound historical perspective. I think I'll have my students concentrate on how Jay Gould read every telegram relating to markets he invested in.
How Robber Barons hijacked the "Victorian Internet"
Ars revisits those wild and crazy days when Jay Gould ruled the telegraph and Associated Press reporters helped fix presidential elections. Is government supervision really the worst thing that can happen to a communications network?
By Matthew Lasar Last updated December 2, 2009 8:11 AM
Another “history”
http://www.bespacific.com/mt/archives/022922.html
December 02, 2009
CRS: The Market Structure of the Health Insurance Industry
The Market Structure of the Health Insurance Industry, D. Andrew Austin - Analyst in Economic Policy, Thomas L. Hungerford - Specialist in Public Finance. November 17, 2009
"Congress is now considering several proposals to reform the U.S. health care system and address the twin challenges of constraining rapid growth of health care costs and expanding access to high-quality health care. This report discusses how the current health insurance market structure affects the two policy goals of expanding health insurance coverage and containing health care costs. Concerns about concentration in health insurance markets are linked to wider concerns about the cost, quality, and availability of health care. The market structure of the health insurance and hospital industries may have played a role in rising health care costs and in limiting access to affordable health insurance and health care."
(Related) These are the services that want to hold our health records for us. Worth reading the article to see what they considered important for patient privacy. Can we improve on the criteria?
http://www.phiprivacy.net/?p=1560
Patient Privacy Rights grades PHRs
By Dissent, December 2, 2009 2:01 pm
Patient Privacy Rights has issued a privacy-oriented report card on some of the available PHRs (personal health records). For those who prefer to cut to the bottom line, the grades issued were as follows:
CapMed - icePHR: C
Google Health: D/F [Platform Grade: D, Partners Grade: F]
Microsoft HealthVault: B/F [Platform Grade: B, Partners Grade: F]
NoMoreClipboard: A [Who are these guys? Bob]
WebMD: C
PHRs Offered by Employers and Insurers: F
Detailed report cards for each PHR are available on their site.
It's not standing in front of the tanks in Tiananmen Square, but it does take courage. Conflicts in law (some based on logic, some based on lobbying) need to be resolved.
Danish DRM Breaker Turns Himself In To Test Backup Law
Posted by timothy on Wednesday December 02, @02:53PM from the impure-impurity-and-impureness dept.
coaxial writes
"In Denmark, it's legal to make copies of commercial videos for backup or other private purposes. It's also illegal to break the DRM that restricts copying of DVDs. Deciding to find out which law mattered, Henrik Anderson reported himself for 100 violations of the DRM-breaking law (he ripped his DVD collection to his computer) and demanded that the Danish anti-piracy Antipiratgruppen do something about it. They promised him a response, then didn't respond. So now he's reporting himself to the police. He wants a trial, so that the legality of the DRM-breaking law can be tested in court."
Are the phone companies doomed? (Should I short their stock?)
FCC Preparing Transition To VoIP Telephone Network
Posted by CmdrTaco on Thursday December 03, @08:46AM from the only-a-matter-of-time dept.
mantis2009 writes
"The US Federal Communications Commission (FCC) published a request for public comment (pdf) on an upcoming transition from the decades-old circuit-based Public Switched Telephone Network to a new system run entirely with Voice over Internet Protocol (VoIP) technology. This is perhaps the most serious indication to date that the legacy telephone system will, in the near future, reach the end of its life. This public commenting phase represents a very early stage in what will undoubtedly be a very complex transition that makes this year's bumpy switch from analog to digital television look relatively easy."
Toward ubiquitous surveillance. “Why hire someone to do what we can do with a video camera and computer? (And a bunch of third worlders working for pennies per day.)”
ReTel Technologies Raises $1 Million For Surveillance Video Analytics
by Leena Rao on December 2, 2009
… ReTel’s flagship product, ConstantAudit, provides video surveillance analysis for stores and restaurants. The startup uses security camera feeds to deliver interesting metrics and data such as table cleanliness, service times, and employee activities. ReTel delivers human tested analytics using paid micro-tasks on services like Mechanical Turk to break down data from the videos. This enables the company to deliver sophisticated reports that include data points such as male vs. female ratios, instances of theft by employees, and other actions that only humans can get right.
(Related) Surveillance tools. All that is not forbidden is mandatory.
FCC Lets Radar Company See Through Walls
Posted by samzenpus on Thursday December 03, @07:55AM from the x-ray-specs dept.
DesertNomad writes
"Attorney Mitchell Lazarus over at CommLawBlog gives a good overview of a new radar technology and the challenges of getting regulatory approval, which seemingly can be just as difficult as developing the technology itself."
For my iPod-using friends.
The iTunes Godfather: From Organized Crime to Organized Music [Windows]
Dec. 3rd, 2009 By April Dee
… Apple seems to think it’s hilarious to rename all of your iTunes music files on the iPod’s hard drive to a lovely mess of nonsensical, completely unorganized file names that renders your music unrecognizable. Thanks to The Godfather, though, I dread this task no more.
I like lists. Let someone else do the aggregation, I get to skim through and find the gems. “Lists is like a box of chocolates. You never know what you're gonna git.” F. Gump
Twitter, Amiando, Obopay, And Playfish Are Named Technology Pioneers By The World Economic Forum
by Erick Schonfeld on December 3, 2009
Hacker tools or Swiss Army folder. Because “protected” PDFs don't allow me to plagiarize their words.
FreeMyPDF
Use this site to remove passwords and restrictions (such as printing, copying text, etc.) from PDFs.
Note: This only works for PDFs that you can open and read without any 3rd party plugins. PDFs that require a password to be viewed cannot be unlocked by this service.