
Data breach


Data Breaches Are The Achilles Heel of PHI

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) controls the privacy and access of all protected health information (PHI) in the United States.  One of the goals of the legislation is to help move the healthcare industry toward electronic health records (EHR).  The value to patients and providers is faster and more accurate care, since clinicians, insurance companies and all related business organizations will have access to the same information.

In 2009, the US Congress passed the Health Information Technology for Economic and Clinical Health Act (HITECH Act) to further clarify and address the privacy and security concerns associated with the electronic transmission of health information.  Language in the law extends HIPAA provisions to business associates of covered entities.  This means that any organization that works with a healthcare provider is also subject to the same laws and penalties.


ICANN Might Cause A Security Nightmare

According to an announcement on January 11, 2012, after more than seven years of planning, the Internet Corporation for Assigned Names and Numbers (ICANN) has initiated a process that could trigger a dramatic expansion of the Internet.  Starting on January 12, 2012, ICANN will accept applications for new generic top-level domains (gTLDs).  This might sound like a great idea, but it could also be fraught with trouble.

ICANN is the organization that manages and controls the top-level domains of the Internet.  They are the ones who make sure that we have .com, .gov, .org, .edu and 18 other gTLDs.  This new announcement intends to expand the top-level domains to anything you want, including companies and famous brands.  There is an application process and a $185,000 fee to request a name, so not everyone will apply.


7 Of The Worst Data Breaches Of 2011

The amount of personal information compromised through data breaches was on the rise in 2011.  According to the Privacy Rights Clearinghouse, about 30 million records were compromised in 2011 in 535 separate breaches in the United States.  That’s up from 12.3 million in 2010.  The numbers are much larger when viewed globally.

Most people assume that hackers using sophisticated techniques are to blame for all the data breaches.  In most cases it’s the simple things that trip up organizations.  Some don’t encrypt information inside databases.  This was the case with Sony.  Sensitive information is accessible on the Internet because someone left a server wide open.  This was the case with the Texas Comptroller.  People don’t take care of backup tapes or laptops and someone may steal them from a car.  That has happened all too often.

It’s important for anyone keeping sensitive data to encrypt it.  All current databases have built-in encryption, but someone has to implement it.  All sensitive documents should be encrypted using a persistent security policy so the author can control who can access them.  And make sure you don’t leave the keys (literally and figuratively) out so that anyone can easily come into your organization and steal something valuable.


Your Doctor May Cause A Data Breach

Today’s headlines point to hackers and other criminals as the major causes of data breaches, but in fact a lot of the trouble starts with trusted employees.  And one of the most trusted in your life is your doctor.

Recent reports by Manhattan Research have found that 81% of physicians use a smartphone, up from 72% in 2010.  30% of doctors use iPads to access electronic health records and communicate with patients.  Unfortunately, according to research by the Ponemon Institute, data breaches have risen 32%, with 96% of all health care organizations surveyed experiencing at least one data breach in the past two years.

The report did not specify the percentage of breaches from mobile devices, but it stated, “Widespread use of mobile devices is putting patient data at risk.”  Larry Ponemon, commenting on his first study of patient privacy and data security, said, “This year it seems the issue of mobile devices has ratcheted up, because the adoption rate of smartphones that are really smart, or tablet computers, seems to have increased significantly.”

Mobile devices create security risks in two ways.  Data can reside on the device and someone using the device can access medical records at health care organizations.  Any document or piece of data that contains personally identifiable information (PII) is at risk.  Plus it’s easier to lose a smartphone than a laptop.


Help, My Wireless Carrier Is Monitoring My Phone

People are worried that their wireless carriers are monitoring all the activity on smart phones to spy on them and do who knows what.  For years everyone thought this was just a conspiracy theory, but now a security researcher has thrown a little bit of reality onto the fire.

In mid-November, security researcher Trevor Eckhart published a report accusing Carrier IQ of installing malware on more than 140 million mobile phones worldwide.  This software runs in the background and apparently records keystrokes as the user does everything from dialing a phone number to browsing a website.  Eckhart posted a video on YouTube showing the software running in the background on an HTC Android phone and capturing information.  The video proves this is not a figment of someone’s imagination.

Since that time a firestorm has emerged while Carrier IQ, phone manufacturers and telecom carriers have denied everything.  Everyone claims that the purpose of this software is to help carriers improve the service they give to customers.  Both AT&T and Sprint confirmed that handsets on their networks include the software, while Verizon says they do not use the software.  T-Mobile has admitted using it too.  Apple says it’s not in iOS 5, but there is a simple way to turn it off in the older versions.  The handset manufacturers say they only install the software if a carrier asks them to do it.  I find it funny that the network in the US that seems to offer the best service does not use this software.
