Group items tagged

Electronic medical recordkeeping may not cut the overall cost of care, but by eliminating redundant procedures and reducing errors, quality may be improved. When physician Andrew Wiesenthal needs to work out a problem, he runs around Lake Merritt, across the street from his Oakland (Calif.) office at Kaiser Permanente. As one of the main drivers behind Kaiser's decades-long, multibillion-dollar effort to overhaul the way patient health records are kept, Wiesenthal has had a lot of laps to run. Doctors and other medical professionals across the country will be working through similar challenges in the coming years. President Barack Obama plans to spend $17.2 billion to induce care providers to maintain patient records electronically, scrapping the current paper-based system. The Obama Administration wants electronic health records for every American by 2014. Obama's predecessor also made a big push for electronic recordkeeping, and many doctors and hospital administrators see upgrading recordkeeping as a good way to improve care. Yet, fewer than 2% of acute care hospitals have a comprehensive electronic health record system in place, with another 8% to 12% using a basic system, according to a study published by The New England Journal of Medicine in March. Adoption isn't much better among physicians. Only 4% have a comprehensive system in place, with another 13% using basic systems, according to a study published in the journal in July. Kaiser Permanente is one of the few exceptions. Today, all of its medical clinics and two-thirds of its hospitals operate in a paperless environment and the rest are scheduled to be completely digitized by next year. Across the system, about 14,000 physicians access electronic medical records for 8.7 million patients in nine states and the District of Columbia.

Reform legislation is expected to be introduced this spring to update the Federal Information Security and Management Act, known as FISMA. A major complaint about FISMA is that complying with its rules does not necessarily guarantee departmental and agency information systems are secure. In this exclusive interview, Sen. Tom Carper, chairman of the Senate Subcommittee on Federal Financial Management, Government Information, Federal Services and International Security, discusses: Key provisions in the bill to improve ways to measure and determine the security of federal government information systems; Efforts to create a government-wide Chief Information Security Officer Council; His views on the most pressing cybersecurity challenges facing the nation: identity theft and the viability of financial institutions and threats by foreign nations to federal information systems.

Every day for one hour, Olympic-level athletes all over the world have an appointment they cannot break. The swimmer Dara Torres, a 12-time Olympic medalist, squeezes her hour into training, running errands and caring for her 3-year-old daughter. The curler Nicole Joraanstad schedules her hour at dawn, but says it often interrupts her sleep. The Olympic decathlon champion Bryan Clay makes himself available at night, when he is most likely to be home with family. Since Jan. 1, Olympic-level athletes have had to schedule their daily availability - hour and place - three months in advance so drug testers can find them, according to new World Anti-Doping Agency rules. And violating those rules can have serious repercussions. Three missed drug tests within an 18-month period during an athlete's appointed hour count as a positive drug test and can result in a one- to two-year ban from competition. Because the element of surprise is crucial to effective testing, athletes are also subject to random out-of-competition tests at any time. And they are tested at competitions. Jacques Rogge, the president of the International Olympic Committee said, "Sports today has a price to pay for suspicion." But some athletes say the rules have gone too far. "It's absolutely too much," Torres said in a telephone interview. "Why make this more cumbersome when we do so much already? We're at the point where we have to find a middle ground." Never before has there been so much protest regarding out-of-competition testing. Athletes in nearly every sport as well as organizations like FIFA, soccer's international governing body, have publicly criticized the doping agency's regulations. At least one lawsuit challenging the rules is in court. Sixty-five Belgian athletes, including the world-class Quick Step cycling team and its star Tom Boonen, filed a class-action lawsuit claiming that the new rules violate European privacy laws.

Industry Insiders Discuss HIT and HIPAA Issues March 30, 2009 by Astrid Fiano, Writer A significant part of President Obama's health care reform agenda is the push for implementing more health care technology. In the health care field privacy is always a major concern, and was the impetus of the Health Insurance Portability and Accountability Act of 1996--protecting the privacy of individually identifiable health information in all formats, and the confidentiality provisions of the Patient Safety Act--protecting identifiable information being used to analyze patient safety events. So those in the health care industry now wonder will the Administration's focus on health IT (HIT) present more challenges to privacy concerns? As part of a continuing focus on HIT issues, DOTmed interviewed industry expert Kirk J. Nahra, a partner in the Washington D.C. legal firm of Wiley Rein LLP, specializing in privacy and information security for the health care and insurance industries, and named an expert practitioner by the Guide to the Leading U.S. Healthcare Lawyers. DOTmed also interviewed Lise Rauzi, Vice President, Training Development, for Health Care Compliance Strategies (HCCS). HCCS provides online training compliance for employees. Nahra notes that regardless of the rising concern over privacy and the new HIT legislation, there have already been formal HIPAA security rules on electronic information in place for several years--the health care industry compliance has just been inconsistent. The problem -- to the extent there is one -- is that HIPAA rules are process-oriented, Nahra explained. The rules don't tell an entity what to do, but rather what to evaluate--a standard set of questions, but without a standard set of answers. For example, a covered entity has to have an internal audit, but the rules do not tell the entity how best to carry out that internal audit. Not surprisingly, different businesses have different ideas on how to implement their HIPAA evaluations

Two companies that collect, analyze and sell prescription information are mounting a Supreme Court challenge to New Hampshire's first-in-the-nation law making doctors' prescription writing habits confidential. In an appeal filed March 27, IMS Health Inc. of Norwalk, Conn., and Verispan LLC of Yardley, Pa., tell the high court that the law violates their First Amendment right to free speech in pursuit of their business. The law, aimed at thwarting hard-sell tactics by drug companies to doctors, makes it a crime for pharmacies and others to transfer information disclosing a doctor's prescribing history if the information could be used for marketing of prescription drugs in New Hampshire. Patients' names are not included in the data. The companies say that the ruling by the 1st U.S. Circuit Court of Appeals in Boston that upheld the law's constitutionality could be broadly applied to newspaper publication of stock market information and many other services that gather large amounts of information. The money made by selling the information to drug makers, the companies say, allows them to provide the same material to researchers and humanitarian organizations at little or no cost. The law first took effect in 2006. The following year, U.S. District Judge Paul Barbadoro in Concord ruled in the companies' favor and said the law violated the First Amendment. Another federal judge subsequently ruled against a similar law in Maine, relying heavily on the New Hampshire decision. But the 1st Circuit overruled Barbadoro, calling the law a valid step to promote the delivery of cost-effective health care. "Even if the Prescription Information Law amounts to a regulation of protected speech - a proposition with which we disagree - it passes constitutional muster," the court said. "In combating this novel threat to cost-effective delivery of health care, New Hampshire has acted with as much forethought and precision as the circumstances permit and the

In belt-tightening times, making the case for security investment is more difficult than ever. Security Catalyst founder Michael Santarcangelo details five steps risk professionals can use to communicate value effectively. The biggest challenge security teams face in their organization is one of perception, according to Michael Santarcangelo, founder of Security Catalyst, a New York-based consultancy focused on changing the way people protect information. Santarcangelo, who was recently a keynote speaker at the CSO Perspectives conference, said professionals focused on security are practiced at looking at risks and reducing them. Unfortunately, the rest of society often doesn't see risks the same way, making communication difficult (See also: Security and Business: Communication 101). "They lack relevant context," said Santarcangelo. "So security people get wrapped up in thinking: 'The CFO wants an ROI. We better work on ROI.' But what the CFO is really saying is:' I don't understand what you do. So you have to justify it to me.' Santarcangelo outlined his strategies for making the case for security investments at the three-day event held in Clearwater, Florida. He gave an audience of security professionals the details of his five step process for getting executives and boards to understand, and even approve, spending decisions in tough economic times. Create Santarcangelo believes one of the most effective ways to communicate value is to place focus back on the person to whom you are trying to make your pitch (See also: A CEO and CSO Who Actually Communicate). "The reason why someone changes a behavior or takes an action is because there is an inherent benefit to the person," said Santarcangelo. "But when many people start to create, they forget that. They tend to fall into the trap of thinking: 'I'm really smart and I know a lot of stuff. So I'm just going to say it and hope they will understand the value of it.'" Instead, Santarcangelo recommends creating

Too many companies leave themselves vulnerable to employees' ignorance or purposeful flouting of the rules when it comes to information security, suggests a survey conducted by (ISC)2. Focused on the 'basics' of policy management, the survey revealed that organisations are becoming confident in their ability to comply with the policies and procedures set out to secure their organisations. Analysis of the results, however, reveal education efforts to be immature, with most concerns relating to accountability and company-wide understanding of what is required. The survey questioned 737 information security professionals last month about their organisation's efforts in policy and awareness management. A great majority, 80 percent, said their company's ability to comply with security policy was satisfactory, good or very good, leaving only 20 percent saying they were dissatisfied. However, this confident stance was tempered by concerns from nearly half of the respondents over a lack of training (48 percent) and poor employee understanding of policy (46 percent); a lack of defined accountability (42 percent); and an unsupportive company culture (48 percent). These obstacles to compliance with policy were cited by significantly more respondents than other issues of traditional concern, including a lack of budget, which only 22 percent were concerned about, and the ability to procure the latest technology, which concerned only 19 percent of respondents. "The challenges are shifting from the systems to the people," says John Colley, CISSP, managing director for EMEA (Europe, Middle East, Africa) for (ISC)2. "The relatively little concern expressed over budgets suggests security continues to be viewed as a business imperative, even in the current economic climate. Unfortunately, security requirements are not yet well understood, or worse flouted, often with management support, in order to get a job done. There is a colossal task ahead to ensure all emplo

Ignorant People are a big security risk.

Online spying or behavioral targeting?

A question: If you have 347 followers on the Twitter microblogging service, what are the chances that they'll click on the same online ad you clicked on last night? Advertisers are dying to know. Or, say you and a colleague exchange e-mails on a Saturday night. Can managers assume that you have a tight working relationship? Researchers at IBM and Massachusetts Institute of Technology are investigating. Friendships aren't what they used to be. We now have tools, from e-mail to social networks, to keep in touch with people who a decade ago would have drifted into distant memories. Practically every hand we shake and every business card we exchange can lead to an invitation, sometimes within minutes, for a "friendship" on LinkedIn or Facebook. And unless we sever them, these ties could linger for the rest of our lives. What do these relationships say about us and the people in our networks? Companies armed with rich new data and powerful computers are beginning to explore these questions. They're finding that digital friendships speak volumes about us as consumers and workers, and decoding the data can lead to profitable insights. Calculating the value of these relationships has become a defining challenge for businesses and individuals. Marketers are leading the way. They're finding that if our friends buy something, there's a better-than-average chance we'll buy it, too. It's a simple insight but one that could lead to targeted messaging in an age of growing media clutter.

Twenty-three of the 24 major U.S. government agencies contain weaknesses in their information security programs, potentially placing sensitive data at risk to exposure, according to a government report issued this week. The U.S. Government Accountability Office (GAO) studied how the agencies were responding to the regulations described in the Federal Information Security Management Act of 2002 (FISMA). The mandate requires government entities to develop and implement an agencywide information security program. Inspectors general conduct annual reviews of agency progress. The GAO review, which took place between last December and this month, concluded that, partly based on inspectors general and federal Office of Management and Budget (OMB) reports, that 23 of 24 agencies contain lax controls to ensure that only approved users can access system data. Meanwhile, 22 of 24 agencies described information security as a "major management challenge," according to the report.

As USB devices have evolved into useful storage media, they've also turned into a security nightmare for agencies. The usage of USB devices should be encouraged and embraced to improve productivity, but they also must be managed to minimize the risks inherent with these tools. This paper discusses how USB devices have evolved and looks in-depth at the productivity benefits as well as the potential risks these devices can introduce if not managed properly. This paper also offers recommendations on how to balance the productivity versus risk challenge and highlights how government agencies can effectively manage the usage of USB devices and prevent data loss and malware introduction.

A majority of business executives believe that they have a right to know what their employees are doing on social-networking sites, but most workers say it's none of their bosses' business, according to a new survey by Deloitte. The survey was conducted in April with about 2,000 U.S. adults. Of the 500 respondents with managerial job titles (vice president, CIO, partner, board member, etc.), 299, or 60%, agreed that businesses have a right to know how employees portray themselves or their companies on sites like Facebook and MySpace. But 53% of employee respondents said their profiles are none of their employers' business, and 61% said that they wouldn't change what they were doing online even if their boss was monitoring their activities. That disagreement, says Sharon Allen, chairman of Deloitte's board and the sponsor of the survey, is one that companies need to address, particularly as these sites have become part of younger workers' lives. "It does, in fact, tee up the challenging debate or discussion that needs to take place to try to resolve both of their concerns," she said. Few businesses are having that conversation, according to the survey, though many executives indicated that it was on their minds. When asked what their company's policy was regarding social-networking use, roughly a quarter (26%) of employees said they knew of specific guidelines as to what they could and couldn't post. Similar numbers said their office didn't have a policy or they didn't know if their company had a policy - 23% and 24%, respectively.

LifeLock Inc., the identity-theft protection company that boasts 1.5 million customers, is embroiled in legal battles with critics who say its key service breaks the law and its advertising defrauds consumers. A federal judge has ruled that the Tempe-based company's practice of setting fraud alerts for consumers with the three main credit bureaus - a major part of its $10-a-month service - is illegal. LifeLock filed a motion challenging the decision. If the court sides with LifeLock's opponents, the decision could stunt the growth of one of the shining stars of Arizona's startup community, forcing the company to permanently alter its practices.

The federal GLBA, HIPAA, FACTA and its Red Flags and Disposal Rules, state data Breach Notification Laws and many other federal and state laws and industry regulations like PCI-DSS are intended to protect the privacy and security of consumer's personally identifiable and financial information entrusted to businesses and other organizations. Many suchidentity theft, id theft, government security, government privacy regulations aim to prevent identity theft and privacy violations. While some businesses have been negligent in securing information, other businesses have been victimized by black hat hackers or "crackers" who operate ahead of the cybersecurity technology curve. Cybersecurity is an ongoing challenge for businesses and for government as discussed in the President's Cyberspace Policy Review. In the four-year period ending in 2008, 23% of all data breaches reported were attributed to hackers. For those data breaches involving more than one million profiles, hacking was identified as the cause in 66% of the breaches according to a recent research report on data breach risk factors.

You have an unlisted phone number, you guard your personal information, you shred your financial papers- so everything is private and safe, right? Would you be alarmed to know that even when you think things are private, a perfect stranger can look you up online, see your address, birth date, past addresses, and even see a photo of your home, down to the detail of your child's play set out in the back yard? Alarmed yet? You should be. Take a look at this website: www.zabasearch.com. Simply plug your name in, and you are likely to be surprised, and probably a bit distressed to see all the information that is readily available online. How could this happen? Easy. Virtually every major change in your life is recorded somewhere in a government document. When you are born, a birth certificate is issued. When you obtain a driver's license, get married, buy a house, file a lawsuit ' all of these events are recorded in public documents easily available to you and to others. Government records are intentionally public in order to enable citizens to monitor the government and to ensure accountability in our society. The challenge is to balance the public's right to information with the individual's right to privacy.

Yesterday, CBC radio's morning show, the current, featured Lessons From The Identity Trail co-author, Ian Kerr, who discussed the book and a number of contemporary challenges that privacy faces in light of emerging technologies with guest host, Nancy Wilson. Below is the the text of Nancy Wilson's introduction and a link to the podcast of the full length interview in segment #3 of the show. To some people the Internet is the world's biggest commons ... a global public square. For others, it's a realm of shadowy, anonymous figures hiding behind online aliases. But anonymity is becoming less and less a feature of life online. We aired a clip with one perspective on that trend, posted last May on the website, Mobuzz.tv. Taking responsibility for your actions on line may be just one way you relinquish privacy. Every day, millions of Canadians hop on the Internet to check their e-mail, chat with their friends on social networking sites, book a vacation or buy a gift. And each time they click on a purchase or post a picture, they give up a little bit of their privacy. With this explosion of information technology - there are those who warn that our anonymity and our right to privacy is in jeopardy. That's the premise of a new book called On The Identity Trail: Anonymity, Privacy and Identity in a Networked Society. Academics, governments and private corporations around the world contributed to the book, which examines how technology is changing the nature of our private lives, and what it means to be "anonymous."

A new privacy law in Maine is facing a court challenge from media organizations as well as a coalition of online companies including AOL, News Corp. and Yahoo. The new law, officially titled "An Act To Prevent Predatory Marketing Practices against Minors," prohibits companies from knowingly collecting personal information or health-related information from minors under 18 without their parents' consent. The measure also bans companies from selling or transferring health information about minors that identifies them, regardless of how the data was collected. Wednesday, opponents asked the federal district court in Maine to issue an injunction against the measure, slated to take effect Sept. 12. In its court papers, the groups opposing the law say it has consequences far beyond limiting the marketing of health-care information. They contend the measure would "prevent common marketing practices used to serve teens information on colleges, test prep services, class rings, etc." The groups who are suing include the Maine Independent Colleges Association, Maine Press Association, Reed Elsevier and NetChoice -- a coalition of Web companies like AOL, eBay, Yahoo, IAC, News Corp. and Overstock.com.

Do you know where your electronic health information is tonight? Here's a reader challenge: I'll pay $10 to the first adult who has had at least five encounters with the private-sector healthcare system in the past 10 years to come up with a complete map of where all his or her electronic health records have traveled, who has seen them and where they are now.

Privacy rights are accepted and, generally, honored in Europe. The wealth - literally and figuratively - of personal information made available through the internet staggers the imagination. Staggering, too, is the prospect of privacy rights being trampled. EC Consumer Protection Commissioner Meglena Kuneva has a bone to pick with internet snooping. And she's launching an investigation into deep data mining. In an official statement (to be released March 31) she will outline concerns of vague and misleading 'term of use' for access to Web sites that can breach EC privacy rules. Commissioner Kuneva was born and raised in Bulgaria during a time when snooping on people was common, legal and nasty. The European Parliament (EuroParl) voted (March 27) overwhelmingly for recommendations in a report linking data surveillance, advertising and cybercrime. The report recommends safeguards for the privacy rights of internet users. The EuroParl called for "making use of existing national, regional, and international law." The MEPs raised the "imbalance of negotiating power between (internet) users and institutions." Internet users, said the MEPs, have the right to "permanently delete" personal details. Facebook's recent change in 'terms of use' allowing it to retain personal information brought a firestorm of criticism and the social networking portal backtracked. And the EC was watching. "It wasn't regulators who spotted the proposed change of terms at Facebook, it was one of the 175 million users," said Commissioner Kuneva's spokesperson Helen Kearns. Collecting and analyzing profile data is big business. It is "the new petroleum of the Internet world," said Ms Kearns, quoted in PC World (March 30). "If you are happy trading your data that's fine, but you should at least know how valuable it is." As Google and Microsoft have learned European Commission rules, unlike American rules, tend to set a low bar for compliance. The former pr

I. INTRODUCTION The globalization revolution is undeniably well underway. Some of the primary leaders of the revolution are the off-shoring outsourcers of the world in search of readily available talent at prices below what is available in the traditional geographical outsourcing centers. Certainly, U.S. companies seeking information technology resources--as well as those looking for human resources to support the ever-growing customer care requirements of their business--are at the forefront of the movement. Some of those companies are seeking their own solutions, but many have turned to business process outsourcing companies for assistance. Business process outsourcing is, generally speaking, the contracting of a specific business task to a third party service provider. Processes that are best suited to be outsourced are those that a company requires but does not depend upon to maintain its position in the marketplace. There are two primary categories of business process outsourcing. One category is commonly referred to as "back office outsourcing" which includes internal business functions such as billing or purchasing. The other category is commonly referred to as "front office outsourcing" which includes customer-related services such as marketing, customer contact management, and technical support. The globalization of business in general has resulted in the need for companies to be able to provide support to their customers in many different languages. At the same time, developments in technology have provided the ability for business process outsourcers to provide a cost effective global delivery platform. The convergence of the need for a portfolio of services to be sourced globally with the ability of business process outsourcers to do so on a cost effective basis has driven the outsourcers to geographic locations previously ignored by most business sectors. By many estimates, there are currently off-shore outsourcing vendors in more than 175 different