Perhaps they don't take time for a
“Lessons Learned” analysis. Perhaps they don't know how to
learn.
By Dissent,
March 26, 2013 7:45 pm
As I read coverage around the internet,
I saw a few reports on the recent
OHSU breach that mentioned it was OHSU’s third reported HIPAA
breach since 2009. Actually, it’s only the second breach that will
appear on HHS’s breach tool, but it’s important to note that this
was OHSU’s fourth HIPAA breach that we know about since
2008. And disturbingly, all four of
them involved stolen devices with unencrypted patient information:
- In December 2008, OHSU notified 890 patients that a laptop stolen from a hotel where an employee was staying on business might contain patient records.
- In June 2009 – also before HITECH went into effect – OHSU notified 1000 patients that their names, treatment information and medical record numbers were on a laptop stolen from a physician’s car outside the doctor’s home.
- In July 2012, OHSU disclosed that 14,495 names and addresses with 14,300 dates of birth, phone numbers, medical numbers, 195 Social Security numbers and vaccination information were on a USB drive stolen from an employee’s home. OHSU only notified 702 of those affected, primarily those whose records “referenced health conditions that are a bit more personal or might be an embarrassment for a patient if disclosed.”
- And now, OHSU is notifying 4,022 patients whose information was on a researcher’s laptop stolen from a vacation rental home.
The question seems obvious: what the
hell will it take before OHSU encrypts all devices? At what point
do we – and HHS – say “enough is enough” and this is just
downright negligent or failure to learn from experience? Maybe
the doctor who left the laptop in the car violated protocols, but if
the data had been encrypted, there wouldn’t have been a reportable
breach. Maybe the employee who accidentally took the USB drive home
made a mistake, but if the data had been encrypted, there wouldn’t
have been a reportable breach. And maybe if OHSU had a policy of
encrypting devices used for research purposes, the most recent laptop
theft wouldn’t have been a reportable incident.
Approximately 20,000 people had their
protected health information needlessly exposed and stolen because
OHSU didn’t – and doesn’t – encrypt all devices containing
PHI.
HHS has seemingly not closed its
investigation of the July 2012 reported incident. The newest
incident hasn’t even been added to their breach tool yet. But
because HHS does not have records on the 2008 and 2009 incidents,
they are likely to miss the big picture – that OHSU has had
repeated and easily avoidable breaches.
And that’s a shame.
...because someone, somewhere might be
a terrorist!
…. Because Gmail
is sent between a user’s computer and Google’s servers using SSL
encryption, for instance, the FBI can’t intercept it as it is
flowing across networks and relies on the company to provide it with
access. Google spokesman Chris Gaither hinted that it is already
possible for the company to set up live surveillance under some
circumstances. “CALEA doesn’t apply to Gmail but an order under
the Wiretap Act may,” Gaither told me in an email. “At some
point we may expand our transparency
report to cover this topic in more depth, but until then I’m
not able to provide additional information.”
Either way, the
FBI is not happy with the current arrangement and is on a crusade for
more surveillance authority.
Read more on Slate.
From the article:
According to Weissmann, the bureau is
working with “members of intelligence community” to craft a
proposal for new Internet spy powers as “a top priority this year.”
Citing security concerns, he declined to reveal any specifics.
“It's a very hard thing to talk about publicly,” he said, though
acknowledged that “it's something that there should be a public
debate about.”
Beware of flowery phrases meaning
nothing...
"Want to be invisible to
Google? Apparently you can't, at least according to the
European Commission and Information Commissioner's Office. '"The
right to be forgotten worries us as it makes people expect too much,"
said [deputy commissioner David Smith]. Instead, Smith said the
focus should be on the "right to object" to how personal
data is used, as this places the onus on businesses to justify the
collection and processing of citizens' data. "It is a
reversal of the burden of proof system used in the
existing process. It will strengthen the person's position but it
won't stop people processing their data." EC data protection
supervisor Peter Hustinx added the right to be forgotten is currently
unworkable as most countries are divided on what qualifies as
sensitive personal data. "I believe the right to be forgotten
is an overstatement," said Hustinx."
Perhaps not the best use of social
media...
App
tracks the wise who hate their bosses on Twitter
FireMe! takes note
of all those who tweet about how much they loathe their hardworking
bosses. It even has a leaderboard.
… Now, some kindly Germans have
come along to fully expose those who are temporarily taken by a need
to express job-loathing. They have created an app called FireMe!,
which lovingly collates tweets that could most politely be described
as injudicious.
… The tweets that FireMe! collects
are separated into four categories: "Sexual Intercourses,"
"Haters," "Horrible Bosses" and the quite
riveting "Potential Killers."
Location, location, location. Perhaps
I'll write a paper on “Camouflage in the Digital Age.” (Start
by using the name, address and phone number of your lawyer or
congressman whenever you register on a website...)
March 26, 2013
Nature.com
- Unique in the Crowd: The privacy bounds of human mobility
Unique
in the Crowd: The privacy bounds of human mobility,
Yves-Alexandre de Montjoye, César A. Hidalgo, Michel Verleysen &
Vincent D. Blondel. Scientific Reports 3; Article number:1376;
doi:10.1038/srep01376; Published 25 March 2013
- "We study fifteen months of human mobility data for one and a half million individuals and find that human mobility traces are highly unique. In fact, in a dataset where the location of an individual is specified hourly, and with a spatial resolution equal to that given by the carrier's antennas, four spatio-temporal points are enough to uniquely identify 95% of the individuals. We coarsen the data spatially and temporally to find a formula for the uniqueness of human mobility traces given their resolution and the available outside information. This formula shows that the uniqueness of mobility traces decays approximately as the 1/10 power of their resolution. Hence, even coarse datasets provide little anonymity. These findings represent fundamental constraints to an individual's privacy and have important implications for the design of frameworks and institutions dedicated to protect the privacy of individuals."
Since the government knows everything
about you anyway...
How
the Maker of TurboTax Fought Free, Simple Tax Filing
Imagine filing your income taxes in
five minutes — and for free. You'd open up a pre-filled return, see
what the government thinks you owe, make any needed changes and be
done. The miserable annual IRS shuffle, gone.
It's already a reality in Denmark,
Sweden and Spain. The government-prepared return would estimate
your taxes using information your employer and bank
already send it. Advocates say tens of millions of
taxpayers could use such a system each year, saving them a collective
$2 billion and 225 million hours in prep costs and time, according to
one estimate.
The idea, known as "return-free
filing," would be a voluntary alternative to hiring a tax
preparer or using commercial tax software. The concept has been
around for decades and has been endorsed by both President
Ronald Reagan and a campaigning President
Obama.
… Intuit
argues that allowing the IRS to act as a tax preparer could
result in taxpayers paying more money. It is also a member of the
Computer & Communications
Industry Association (CCIA), which sponsors a "STOP
IRS TAKEOVER" campaign and a website calling
return-free filing a "massive expansion of the U.S. government
through a big government program."
Might be a preview of debates here...
March 26, 2013
Proposed new EU General
Data Protection Regulation
Proposed
new EU General Data Protection Regulation: Article-by-article
analysis paper, V1.0
12 February 2013. UK Information Commission Office (ICO).
- "We originally produced this document for two main audiences – the ICO’s own staff and the Ministry of Justice, to help to inform the UK’s negotiations in Europe. However, it has become clear that the information contained in this paper could be of use more widely, as a resource for all those with an interest in the data protection reform process and the ICO’s views. Therefore we have decided to publish it."
If I understand this, now my wife has
to train her dogs to “casually trot around a neighborhood and act
as a 'confidential canine informant' when they get a whiff of some
illegal substances...” Should be a piece of cake.
Prior to hearing
oral argument in the Proposition 8 case this morning, the Supreme
Court handed down its decision
in Florida
v. Jardines, the other dog sniff case (Florida
v. Harris was decided last month). In an opinion written by
Justice Scalia, the Court affirmed the Florida Supreme Court. The
Court held a dog sniff at the front door of a house where the police
suspected drugs were being grown constitutes a search for purposes of
the Fourth Amendment. Justice Kagan filed a concurrence joined by
Justices Ginsburg and Sotomayor. Justice Alito filed a dissent
joined by the Chief Justice, and Justices Kennedy and Breyer.
Read more on SCOTUSblog.
Orin Kerr commented
on the decision:
This morning the
Supreme Court handed down Florida
v. Jardines, the case on use of a drug-sniffing dog at a
suspect’s front porch to sniff around for narcotics inside. Held,
in a 5-4 decision by Justice Scalia: Entry onto the porch was an
unconstitutional search because it was a physical intrusion into the
curtilage around the home under Jones that was beyond the
scope of any implied consent. In light of my Supreme
Court Review article on how there was no “trespass test”
before Katz, I was particularly interested to see that the
majority’s application of Jones does not use the word
“trespass.” Instead, the Court refers to the Jones test
as a test of “physical intrusion.”
Ryan Calo, however, had a somewhat
different perspective, writing on Concurring
Opinions that the decision leaves him somewhat puzzled/worried.
He raises three thought-provoking questions.
“Future Crime” If this test
predicts reoffenders 51% of the time (no numbers in the article) in an
environment where 67.5% reoffend, is it truly ready for prime time?
Brain
Scans Predict Which Criminals Are Most Likely to Reoffend
Brain scans of convicted felons can
predict which ones are most likely to get arrested after they get out
of prison, scientists have found in a study of 96 male offenders.
“It’s the first time brain scans
have been used to predict recidivism,” said neuroscientist Kent
Kiehl of the Mind Research Network in Albuquerque, New Mexico,
who led the new study. Even so, Kiehl and others caution that the
method is nowhere near ready to be used in real-life decisions about
sentencing or parole.
This could become interesting. There
are lasers that do not use visible light (e.g. X-ray) and those that
are guaranteed to be safe for eyes at the classroom range, let alone
a few thousand feet. If Google uses one of those to hunt for
potential sinkholes in Florida or to create accurate topographical
maps, are the people on the ground victims?
Aiming
Laser Pointer at Airplane Gets Man 2.5 Years in Prison
A 19-year-old North Hollywood man has
been sentenced to 2.5 years in prison for aiming a laser pointer at a
commercial aircraft — a steep punishment going well beyond the year
federal prosecutors were seeking.
“In this case the judge really felt
it was serious behavior and he wanted to make sure that people
understood it was not a joke,” Los Angeles federal prosecutor
Melissa Mills said in a telephone interview Tuesday.
… Defense attorneys, who did not
respond for comment, were seeking two years of probation and
community service.
Perspective I make that 40,000 man
years. Thank goodness “Computer” no longer means “some guy
with a green eyeshade”
"It may be a movie about a
stone age family, but DreamWorks said its latest 3D animated movie
The Croods took
more compute cycles to create than any other movie they've made.
The movie required a whopping 80 million compute hours to render, 15
million more hours than DreamWorks' last record holder, The
Rise of the Guardians. The production studio said
between 300 and 400 animators worked on The Croods
over the past three years. The images they created, from raw
sketches to stereoscopic high-definition shots, required about 250TB
of data storage capacity. When the movie industry moved
from producing 2D to 3D high-definition movies over the past decade,
the data required to produce the films increased tremendously. For
DreamWorks, the amount of data needed to create a stereoscopic film
leaped by 30%."
Simple? Yes Useful? …
Wednesday, March 27, 2013
Quizdini
is a free tool for creating online quizzes. The best feature
of Quizdini is that you can create explanations of the correct
answer for your students to view immediately after trying each
question in your quiz. Your explanation can include text and or
links to online resources like videos and images. Quizdini quizzes
can be created in a traditional linear format or in a matching format
that asks students to pair answers to terms.
Learn how to create a Quizdini quiz by
watching the video below.