Monday, 29 August 2011

Hospital Workers Sharing Music? They May Also Be Sharing Your Medical Records

If Pres. Obama has his way, the medical records of every American will be digitized by 2014. The stimulus package includes $19 billion in funding to pay for the effort and calls for the appointment of a chief privacy officer to advise the U.S. Department of Health and Human Services on how best to protect this sensitive information. If a new study of how easily your medical records can be found online by others is any indication, the new chief privacy officer (to be appointed over the next 12 months) will have his work cut out for him because an increase in digital medical records would likely mean an increase in medical identity theft.

Using software written specifically for scanning Internet-based peer-to-peer (P2P) file sharing networks, Eric Johnson, an operations management professor at Dartmouth College's Tuck School of Business in Hanover, N.H., and colleagues recently found confidential medical files, involving thousands of people, including patient billing records and insurance claims containing Social Security numbers, birth dates, medical diagnoses and psychiatric evaluations. (The same type of information could have been found without the special search software, although not as quickly because the researchers would have had to search individual computers on each of the P2P networks they visited.)

Johnson's team found the data by trolling P2P networks such as Gnutella, FastTrack, Aries and e-donkey. (A visit to the eDonkey2000 Network indicates it is no longer available.) The leaked information came from the health care organizations themselves, their employees working remotely, and from businesses that perform billing and other services for these organizations. "Our goal was to see the kinds of information that was leaking out, and P2P was simply a window into those organizations," says Johnson, who will present his findings on Monday at the Financial Cryptography and Data Security '09 conference in Barbados.

In P2P, people share information stored on their computers with other people on a particular network, a practice first made popular by the music-swapping service Napster. Often, P2P users must download software on their computers that allows others to search their computer for different files. Allowing other P2P users to access your computer, however, means dropping your defenses (including firewalls meant to keep out snoopers and hackers).

Searching P2P networks, the researchers found, for example, a government application for employment that included detailed background information, including the applicant's Social Security number, full name, date and place of birth, and mother's maiden name. Ironically, the document also included a three-page intro highlighting the Electronic Communications Privacy Act measures undertaken by the government to protect the information in the document. Still, "it somehow ended up on to a P2P network," adds Johnson, who is also director of Dartmouth's Glassmeyer/McNamee Center for Digital Strategies.

P2P users—there were an estimated 10 million of them in 2007, according to an earlier study by Johnson and colleagues—generally think that, because they're just looking to share music, the rest of the files on their computers are off-limits, says Alan Paller, director of research for the SANS Institute. "But there are no defenses once you let someone inside your computer."

Over a two-week period last year, Johnson and his team used special P2P network analysis software developed by Cranberry Township, Pa.–based Tiversa, Inc., to search for information related to or mentioning the top 10 publicly traded U.S. health care providers, including two in Tennessee: Nashville-based Hospital Corporation of America and Community Health Systems in Franklin, the latter of which in 2007 bought health care giant Triad Hospitals. When their searches turned up a file containing medical information on a particular computer, the researchers were able to use Internet Protocol (IP) addresses to trace that computer back to a particular location. In some cases, these files were located on computers connecting to the network from work; in others, the computers were connecting wirelessly from homes, hotels or Starbucks.

In one case, Johnson and his team found two databases with detailed information on more than 20,000 hospital patients from the computer of a collection agency working for the hospital. Another search turned up a 1,718-page report with nearly 9,000 patient names, Social Security numbers, birth dates, insurers, group numbers and identification numbers. The researchers also found a PDF form for writing prescriptions that was blank, except for a doctor's signature at the bottom. "This document could be used for medical fraud by prescription drug dealers and abusers," Johnson noted in his report.

Stolen medical information can be used to steal your identity and ruin your credit, or to affect your medical records, Johnson says. "If I assume your identity to obtain medical services, such as using your insurance information to go to the hospital for treatment, it's not only insurance fraud, it's also adding false information to your medical records," he adds.

P2P file sharing has become the "bane of the security officer's life" at many corporations, as well-intentioned employees put their personal information as well as their company's proprietary information at risk, says Nick Selby, a vice president and research director with The 451 Group, a New York City–based technology research firm. People often use their work computers for personal reasons because they have higher bandwidth at the office, making it easier to download large music and video files. Although some P2P software allows users to specify which information they want to make available to the network, Selby adds, this software can easily be misconfigured and sensitive data made available to the network because the people using the technology do not really understand how it works.

Johnson points out that the shift to digital health care records will not be easy. "The (Obama) administration is moving toward a national electronic health care records system," he says, "but the transition is going to be painful. It's not until they understand how to secure these records that we'll be safe." (The new chief privacy officer will have to not only secure new digital medical records but also promote ways to protect existing data.) The nirvana is to store this information in high-end database systems that are well-secured, rather than in spreadsheets, e-mail and Word documents that can be left on someone's PC, he says, adding: If this cannot be done soon, hospitals and other health care organizations will need to restrict employee access to patient data.

Wednesday, 3 August 2011

Medical Information Card Can Save Your Life in an Emergency

Of all the items in your wallet, the most valuable could be the Medical Information Card that lists your prescriptions and medical history. Listing this information on a card that you carry in your wallet could save your life in a medical emergency. If you are away from your medical records or doctor, or in an accident, the information provided on the card is invaluable during what is called "The Golden Hour".
What is the Golden Hour?
The "Golden Hour" is a brief window of time in which the lives of a majority of critically injured trauma patients can be saved, if definitive treatment is provided. The Golden Hour is 60 minutes from the moment of injury, to call 911, dispatch an ambulance, transport the victim to a trauma center, and perform the necessary, life-saving intervention. This means trauma is "time sensitive", and there is no time to waste.
Trying to locate a relative or your medical records can use up that critical hour where a life is in the balance. This is when a medical information card can give First Responders or Emergency Room Personnel the information they need to treat you.
Information that is typically included on a medical information card will be:
* Name and Address
* Date of Birth and Blood Type
* Three (3) emergency contacts with their phone numbers
* Primary Physicians' (2) names and phone numbers
* Medical Condition/History (Use this to describe any operations, implants, etc.)
* Medicines (Includes dosage and times per day)
* Allergies (This can be critical information in an ER)
* Date Issued (Card should always be kept up to date)
* Photo (This is optional, but what better way to make sure the card goes with the person?)
It is also recommended that older people in particular should carry a medical information card, since they'll be the ones most likely taking several medications. Also, parents ought to compile a card for each child, recording chronic medical problems and medications.
Additionally, the card should be kept up to date, particularly when medications or dosages change, you move or change doctors. The best place to carry your card is in your wallet next to your driver's license or other personal information. In an emergency, your wallet is typically the first place someone will go for information when seeking information on an unconscious patient.
Medical Information Cards are also great when you are just visiting the doctor and are asked about any medications you are taking: the info is right there in your wallet. Finally, the need for up-to-date information that can be used by First Responders and Emergency Room Personnel cannot be overstated.
While there are many ways you can create a card, we have found that a durable plastic card works the best. Too many times a paper card will deteriorate and become unreadable.

My first blog

Hi... welcome to my blog