Make your live is better

Make your live is better.

Your Fammily is Your live

Your Fammily is Your live.

Care your future

Be healty .

This is default featured post 4 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured post 5 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

Showing posts with label medical record confidentiality. Show all posts
Showing posts with label medical record confidentiality. Show all posts

Thursday, March 17, 2011

Medical Data Breach of the Month Department: Health Net Once Again a Star in the Healthcare Renewal Theatre

1:12 PM  nobody  No comments

I have written frequently about the breaches of electronic information security, such as at my posts:

"Networked EMR's and Healthcare Information Security: Practical When Massive IT Security Breaches Continue?"

"Networked, Interoperable, Secure National Medical Records a Castle in the Sky?"

"Operation Aurora And a Widespread Reluctance to Discuss IT Flaws: Is Universal Healthcare IT Really a Good Idea in 2010?"

Medical data breach of the week - but your EMR data is secure, trust us, we're IT experts

and others.

This latest medical information breach only affected a mere 2 million people this time.

Perhaps we should go for 20 million next time?

And then - there were substantial delays in notification (to give identity thieves time to get rich?)

Health Net Delays Notification of Data Breach Involving 2 Million People

By: Brian T. Horowitz
2011-03-16

Insurer Health Net waited until March 14 to disclose a data breach discovered on Jan. 21 involving the loss of nine server drives and the data of 2 million customers, employees and health care providers.

Health Net, a provider of health insurance to about 6 million people across the United States, has come under fire for reporting the loss of nine server drives at its data center in Rancho Cordova, Calif., nearly two months after it occurred.

More than 2 million Health Net members, employees and health care providers may have been affected by the data breach, including about 845,000 California policyholders, according to The San Francisco Chronicle. California regulators are investigating the breach, the newspaper reports.

How did this happen?

The insurer found out about the security lapse on Jan. 21, when IBM, which manages the company's IT infrastructure, informed Health Net that it was unable to locate server drives, according to a recording on Health Net's data breach hotline (855-434-8081).

These drives perhaps are of a new technology, with motorized robotic legs that allow them to walk away.

Or perhaps the drives were like this, where the round drive platter stacks perform double duty as wheels:


A "mobile" hard drive. Click to enlarge.


The drives just rolled away - to the tune of Steppenwolf's "Born to be Wild" ...


These drives were just Born to be Wild! Click to play.


Get your motor runnin' ... head out on the highway ...

The health benefits provider began its investigation at that time and learned that the nine drives included personal information for former and current Health Net members, employees and health care providers. The company didn't report the breach to the public until March 14.

Gee, thanks.

Health Net spokesman Brad Kieffer declined eWEEK's request for additional information on the breach but said, "We continue investigating unaccounted for server drives, and out of an abundance of caution we are notifying our members."

"Abundance of caution" and an almost 2-month delay do not belong in the same news story.

... "Given the size and type of data lost, this is a serious breach, and those affected should have been notified and protected immediately when IBM notified Health Net of the loss," Rob Enderle, principal analyst for the Enderle Group, wrote in an e-mail to eWEEK.

Indeed.

"While the delay was likely due to the belief that these drives were either misplaced or reused and not logged and the hope they would turn up on a maintenance rotation, the exposure to those that may have been compromised is excessive, and for an insurance company not to immediately mitigate this exposure�unforgivable," Enderle said.

"Hope/keeping your fingers crossed" and "due diligence/corporate responsibility" also do not belong in the same paragraph.

Information included names, addresses, health information, Social Security numbers and/or financial information, Health Net reports. .

All the news that's fit to print.


The Health Net breach could be the most serious health care data breach since 2008, when incidents affected 2.2 million people at the University of Utah and 2.1 million people at the University of Miami, according to the San Francisco Chronicle report.

Since 2008, eh, way back when, ancient history, when dinosaurs ruled the earth?

In May 2009, Health Net suffered another security breach in which a portable disk drive holding the medical and financial data on 1.5 million members disappeared from its Connecticut headquarters.

The portable disk drives must have robotic legs, too.

Data breach penalties for Health Net could be severe, according to Enderle.

Perhaps that's why they were crossing their fingers hoping the drives would turn up somehow?

Finally, I note that this company has also been busy in recent years making a name for themselves in the Healthcare Renewal Theatre in other ways. They're stars! See http://hcrenewal.blogspot.com/search/label/Health%20Net

-- SS
Read More

Friday, November 19, 2010

Insurers Test Data Profiles to Identify Risky Clients

7:59 AM  nobody  No comments

Stories like this one today at the WSJ disturb me.

Insurers Test Data Profiles to Identify Risky Clients
Wall Street Journal
Nov. 19, 2010

From that story:

Life insurers are testing an intensely personal new use for the vast dossiers of data being amassed about Americans: predicting people�s longevity.

Insurers have long used blood and urine tests to assess people�s health�a costly process. Today, however, data-gathering companies have such extensive files on most U.S. consumers�online shopping details, catalog purchases, magazine subscriptions, leisure activities and information from social-networking sites�that some insurers are exploring whether data can reveal nearly as much about a person as a lab analysis of their bodily fluids.

In one of the biggest tests, the U.S. arm of British insurer Aviva PLC looked at 60,000 recent insurance applicants. It found that a new, �predictive modeling� system, based partly on consumer-marketing data, was �persuasive� in its ability to mimic traditional techniques.

The research heralds a remarkable [alarming? -ed.] expansion of the use of consumer-marketing data, which is traditionally used for advertising purposes.


Read the entire article.

The reason I find this article disturbing is that it can and probably should be looked at as another example of technophiles and opportunists with no knowledge of (or lack of caring about) Social Informatics, a decades-old discipline with a focus on studying the unintended consequences of new information and communications technologies (ICT's), enabling our society to move one step closer to centralized control.

Social Informatics (SI) refers to the body of research and study that examines social aspects of computerization, including the roles of information technology in social and organizational change, the uses of information technologies in social contexts, and the ways that the social organization of information technologies is influenced by social forces and social practices.

Stories such as the above WSJ story, and others in their running series on Internet privacy, also dampen my enthusiasm about the possibility that electronic medical information will be kept private, confidential and secure.

-- SS

Read More

Related Posts Plugin for WordPress, Blogger...