Thursday, December 29, 2011

Securing Patient Data

There are new privacy concerns that were triggered by the continuous increase in data breaches at health care providers. There were some studies conducted to pinpoint the main cause of this exasperating situation. There were some that put the blame on insufficient funding for security, while others said that the sudden surge in data breaches is due to devices that were either lost or stolen. The first reason could be explained by the government’s priorities in distributing funds, but it is not good to hear that there is human error, or that health care professionals are not well informed about securing patient data.

Almost all private and public organizations are now using mobile technology in their daily operations. Doctors and other health care professionals have discovered the convenience of using smartphones and tablets for electronic health records, and they use these gadgets to manage data. These tools, however, do not possess the much-needed security. Because they do not have enough background, some doctors are using these gadgets without encryption technology, or even passwords.

A spokesperson from the American Health Information Management Association saw the need for education and awareness. He said that training sessions on the use of mobile technology in relation to data management are already being implemented. But he also added that these are not as effective as education and awareness. There must be better involvement if health professionals are to have sufficient awareness of patient data security.

It is surprising to note that at present, 4 out of 10 health care professionals surveyed believe that patient data accessed by mobile devices is secured. An added surprise comes from knowing that 81% of them are using these devices to collect, store and transmit patient records. But the shocking detail is that almost one-half of the participants surveyed revealed that their organizations do not have any data security mechanism at all.

Image: winnond / FreeDigitalPhotos.net

Monday, December 26, 2011

Still on Health Record Breaches

The number of hospitals in the United States that are adopting electronic medical records is continuously growing, but according to a study from the Ponemon Institute, insufficient funding for security has also triggered a surge in patient data breaches. A recorded 32% increase in data breach incidents from 2010 to 2011 tends to support such a claim. Hospitals say that there should be enough funding from the agency concerned in order to ensure patient privacy.

Converted into cost, the health care industry lost an estimated $6.5 billion last year alone. Nearly one-half of the health organizations that were surveyed said that the major cause of this was lost or stolen devices. The survey included 72 hospitals and health care providers, but the names of the organizations were kept private.

Observers see that the condition is getting worse, mainly because security does not seem to be given any major importance. They also anticipate that it will not get better given the policy of providing incentives to doctors and hospitals that implement digital health records. With a compensation budget that reaches up to $27.4 billion, more patient records will be exposed to theft. Health care organizations then rush to speed up their move to digital health records, but without the corresponding security.

Another study showed that more than 50 percent of the organizations surveyed blame insufficient funding as the reason for such breaches. There are existing data breach notification laws that order organizations to report to the Health and Human Services Department those breaches that involve more than 500 people. The agency then makes a list of those affected and posts these violations on its website.

There are laws on federal privacy that health care providers and employer-sponsored group health plans are obliged to comply with. These laws require periodic audits to be conducted by the Health and Human Services Department. This is to carry out security risk reviews and assess security and breach notification policies. This mechanism ensures that organizations have their privacy, security and breach notification policies in place.

Image: Salvatore Vuono / FreeDigitalPhotos.net

Monday, December 19, 2011

Anti-Hacking Laws Must be Updated

Lawmakers are busy looking into the 1986 anti-hacking law, primarily because it is no longer up to date with the current online “culture”. Without the needed changes, the law would punish even innocent web surfers. But those concerned with updating it are very careful, because changing the penalties might keep the law from sinking its teeth into legitimate criminals. Revising the Computer Fraud and Abuse Act should not set aside the civil liberties of users while seeing to it that cyber-criminals are prosecuted.

One important revision that has to be made is in the power of government to penalize users who violate a website’s terms of service agreements. A law school professor openly said that the present state of the law is harsh. He added that it threatens the civil liberties of Americans who simply give false information on Facebook and other sites.

The professor gave some typical examples in his written testimony of how millions of users give fake information. He wrote that a user could be held criminally responsible for simply writing that he goes to the gym every day when in fact, he goes there only once a month. He added that the millions of users who supply false information about their height, weight or age could be considered criminals. He also mentioned a study that suggested 8 out of 10 users provide false information in their profiles. Incredible, but there are millions of Americans out there who are cyber-criminals!

One critic deemed it necessary for lawmakers to spell out what the law actually means, particularly with the phrase “exceeds authorized access”. This will set limits on the power of employers to penalize those employees who break terms of service agreements. The same critic also said that the revisions should make those federal employees who are handling confidential information answerable.

Such initial steps and suggestions would narrow down the prosecution threats to those breaches committed by government employees. A letter was co-signed by organizations that have been known to protect consumers and citizens. They laid down their common concern of defending people who break site service contracts by “accident”.

Friday, December 16, 2011

Online Job Hunting Scams

You should read about these phishing scams that you might run into, so that you understand how to handle them. If you want to find a job online, be cautious of those that encourage you to send personal information. There are many online criminals that hide behind legitimate job sites just so they can appear legitimate too. Some of them will use familiar-looking logos and convincing words that could attract your attention. The truth is that they will only lead you to fake websites that appear to be owned by legitimate companies.

Aside from asking for personal information, another method of operation is charging fees for services that they do not really provide. Many people have been victims of this kind of scam where they paid for services that are nonexistent. This idea of online fraud is so effective that more victims are coming forward to present their complaints. These criminals are not easy to catch because they “close down” their operations after a while and then leave without a trace.

If you are an online job seeker, it would help if you bear in mind these few tips that would help to protect you. Do not give any personal information unless it is related to work. Be alert when a prospective employer asks for your social security number, date of birth, home address, etc. It is strongly advised that you should not give out this kind of information over the phone, through email, or via fax.

It is said that your resume is one of your most valuable “assets” in job hunting. It carries with it such vital information about you that it has to be kept private. Never give away your resume unless you have a compelling reason. When posting your resume online, opt for a job site that has a clear privacy policy. Choose one that validates recruiters before permitting them to gain access to your records.

It is a good practice to verify a prospective employer or recruiter. Look for the company’s contact number and find out if it really exists. If you find it necessary, you can even visit the company yourself during regular work hours. Only after verifying the company’s legitimacy should you give consent to a background check if they ask for one.

Image: photostock / FreeDigitalPhotos.net

Wednesday, December 14, 2011

Fake E-Card Scam, Beware

Have you noticed that more users are becoming victims of phishing scams? New phishing scams crop up whenever there is an event that is getting the attention of a large number of people. It could be a natural disaster, an election, or even developments in the world financial system. It is best to make yourself aware of how scammers entice their victims to give in to their tricks.

Beware of fake e-cards, especially during the holiday season. In reality, these e-cards may be a phishing scam, spam, a spyware installer, or a virus. E-cards are links that are sent to you, which you can click on to open the “greeting card”. Needless to say, once you click on the link, you are actually opening the “website” where your greeting card was created. This is where the danger lies, because you could download something very destructive.

So how do you avoid fake e-cards? More often than not, scammers send fake e-cards using the names of reputable companies in order to appear more convincing. On your end, you must be alert to recognize the sender of the e-card. If you do not know the sender, do not trust the e-card. If you are familiar with the company that sent it to you, it is obvious that you have your own way of telling that the email is not a fraud.

You must check the display name and the sender’s email address. When you are in doubt as to the sender or the intent of the email, never click on any links. Most importantly, do not download anything, even if the source seems legitimate. When it comes to file attachments, do not open or download any attachment unless you are sure of its origin.

In case you happened to open a seemingly legitimate website that has an end-user agreement, take the time to read all of it. Of course, it will take a lot of time to read all that fine print, but it is a must. You might be agreeing to install something that you do not want, like spyware.

Tuesday, December 13, 2011

Cookies No More

The Federal Trade Commission (or FTC) is in the process of improving internet privacy protection. If the plan goes through, this time it will be brought to a new level. This will be done without prejudice to innovation on the internet, but with enhanced consumer protection. Among other things, the proposal by the FTC includes innovative functions such as “do not track” and several others.

When internet technology was significantly developed, online activities of consumers started to be tracked by the use of “cookies”. To do this, websites send cookies to the consumer’s computer, making it easy for data miners to learn consumer behavior online. Having gathered enough information, companies can then target specific products and services to online consumers. It is not easy for consumers to guard themselves against this because only very few of them know how to turn off cookies. They have to painstakingly find the browser’s privacy settings so that they can opt out of cookies. However, this is easier said than done, even for the experienced user.

Some consumers might find data mining beneficial to them since they can get special offers and discounts if they continually buy the same product. But this is only true to some, because most consumers consider targeted advertisements annoying and threatening to their privacy. That is why authorities never give up in finding ways to protect consumers from these types of unwelcome ads.

The FTC wanted to make opting out easier through the proposal it issued. Once it is approved, consumers can opt out of cookies at any time they like and, if they wish, turn them off permanently. Users are already fed up with being presented with very long privacy policies. Aside from this, the terms used are hard to understand except for users who have some knowledge of legal jargon. In the FTC’s scheme, consumers would be allowed to know who is following their online activities. More significantly, they will be given the power to permanently decline cookies.

Consumer watchdogs and companies that maintain websites can use this proposal to come together and plan concrete steps that need to be taken. Then they could zero in on some guidelines for consumer protection without hindering innovation on the web.

Image: piyato / FreeDigitalPhotos.net

Thursday, December 8, 2011

Here Comes the New Privacy Threat

A new security risk was discovered and has roused concerns among smartphone users. Security researcher Trevor Eckhart posted a 17-minute video which gave details of unknown software that is installed on these devices. It was shown that this software can log numerous details about what the user does with his or her mobile device. The software, known as Carrier IQ, logs all text messages, Google searches and phone numbers entered by the user. This data is then automatically reported to the mobile phone carrier. In addition to this, the software can log the URLs of websites searched by the phone owner, even if he or she is using “https” URLs that encrypt data.

There are several mobile devices running on Android operating systems that come with the software installed by default. Eckhart said that it operates without being noticed or without the user’s knowledge. He added that even if the user does become aware of it, the software cannot be stopped. It is the kind of software that is often used in malware and Eckhart called it a “rootkit”.

When Eckhart was able to get hold of the training materials posted on the software’s website, he was able to discover more about Carrier IQ. Thinking that the company might take the files offline, he immediately copied these training materials. He was correct because the said files became unavailable shortly after he posted his analysis online.

A cease and desist letter was sent by the company to Eckhart, claiming that he infringed on copyrights by publishing its training manuals online. The company also claimed that his allegations about the software were vague and false. Furthermore, it demanded that the researcher turn over all the contact information of all those who obtained copies of the files.

In addition to this, Carrier IQ demanded that he replace his analysis with a statement renouncing his research. The company even drafted the statement for Eckhart and sent it to him so it could be posted. The company was bent on taking legal action against the researcher. However, Eckhart found support from the digital rights group Electronic Frontier Foundation, or EFF. The company then decided not to proceed with the actions.

Image: jscreationzs / FreeDigitalPhotos.net

Friday, December 2, 2011

Tech Toys and Kids' Safety

Christmas is near and for sure, many parents will be giving their kids tech toys. These are some of the hottest items on children’s wish lists: smartphones, tablets, and computers. Parents will gladly say “yes” and then be happy watching their kids click or tap away on their newest treasured possession. However, just as some parents would not think of giving their children a bike without a helmet, technology gifts should also come with safeguards.

Tens of thousands of parents do not realize the need to child-proof these devices. As these open the worldwide web to children, parents should make sure that their kids do not stumble upon the unsavory side of the internet. Kids have impressionable young minds and there are lots of “bad” things online that are not meant for them to see.

Without the needed protection, children might open a Pandora’s Box with their tech toys. There are those millions of x-rated web pages, violent videos, websites with disturbing topics from gambling to guns, and many more. Parents should not take their children’s safety for granted; instead they should look for software that could help filter the good from the bad.

There is a lot of available internet safety software for kids. Some are made for PCs and Macs, while others are suitable for specific mobile devices such as iPods, iPhones, and iPod Touch. There is nothing wrong with giving tech toys to kids this Christmas. The thing is that parents have to bear in mind that internet for kids should always be paired with safety.

Make your kids happy this Christmas by fulfilling their digital wishes. But before finally wrapping the gift, why don’t you install the software that will protect them? After all, kids of this generation cannot do away with being connected online. Keeping the line of communication open between parents and children can help the children understand why they need protection. They have to accept that not all sites on the internet are appropriate for them.

Image: Stuart Miles / FreeDigitalPhotos.net