Chapter 4

Chapter 4

Discussion Questions

1. What type of security breaches of medical record are commonly today?

ANSWER :  As i search to find breaches in medical records i found this information: Agency officials originally thought the hackers stole 24,000 Medicaid claims. But officials now say 24,000 files were stolen, and each file potentially contains information on hundreds of people.

Officials say the attack started last week and likely came from eastern Europe. The information was on a new server that had security tools installed improperly.

The agency says it plans to reach out to those affected and offer free credit monitoring services for one year.

LINK :   http://news.yahoo.com/utah-medical-records-breach-more-extensive-201409704.html 

2. What measures are being taken by the government and private industry to safeguard EHR's?

ANSWER :  I found the top 5 best practices on how to safeguard EHR's, as stated on an article i found : 

1. An organization-wide commitment to strong security

A complete Information Security Program (ISP) cuts across the entire enterprise, not just the IT department. It also includes items such as facilities availability and contingency, disaster preparedness, employee safety and human resource confidentiality.

2. A view of IT security as a competitive advantage
Savvy companies understand that in ever increasing amounts, the heart of an enterprise is found in the proper collection, storage, communication, availability, integrity and protection of electronic data. Security best practices leaders view protecting that information as a competitive advantage. In contrast, companies that experience IT security breakdowns are subject to damaging consequences that can limit competitiveness.

3. A sharp focus on security policies and processes
Having the latest and greatest array of technical "gear" such as firewalls, wireless infrastructure, virtualization and vulnerability management software appears to lead to a false sense of security in many cases. The best gear can be compromised without well-documented security policies and procedures that are rigorously followed and periodically updated, and the discipline to monitor and measure compliance to industry best practices such as ISO 27002.

4. Include business associates and partners in EHR security programs
As the exchange of electronic health information becomes more pervasive, the Department of Health and Human Services has made it clear that all entities in the chain bear responsibility for safeguarding electronic data. A breakdown anywhere in the chain affects all entities, both practically and legally speaking, and even a business associate's breach of electronics health records may require the notification of the customers/patients of all entities with access to the data. Successful organizations collaborate with business associates on the implementation of security programs and revise contracts to include data security/compliance requirements, breach notification costs, independent security assessments and other related issues.

5. Regularly conduct independent security assessments
The IT security environment is becoming ever more complex; safeguarding it is a dynamic endeavor that requires constant vigilance. HIPAA law requires covered entities to conduct routine evaluations of the effectiveness of records security programs, policies and procedures. An independent security assessment can evaluate security against potential risks in a format compliant with HIPAA Security Standards, even including business associates and partners with whom health data is exchanged. 

3. How do you think the implementation of ARRA will affect the privacy of our healthcare and personal data? What breaches do you foresee? How can they be forestalled?

ANSWER : As stated, ARRA requires healthcare institutions to notify individuals affected. ARRA is said to increase the enforcement of HIPAA(regulates the availability and breadth of group health plans and certain individual health insurance policies. It amended the Employee Retirement Income Security Act, the Public Health Service Act, and the Internal Revenue Code.) which means ARRA requires informations that may be breached.

Discussion Questions

1. How does Google's business model use personal data?

ANSWER :  Data or cookies is stored by  google or by any website within a browser and then subsequently sent back to the same website by the browser.this is to remember things that a browser had done there in the past, which can include having clicked particular buttons, logging in, or having read pages on that site months or years ago.

2. What do you think are the major privacy concerns raised by Google's business model and applications?

ANSWER :  Information breaches, though Google recently caused a stir when it decided to consolidate its privacy policies and share users' personal data across multiple Google services, including Gmail, Google search and YouTube. but despite the controversy google remains one of the world's favorite search engine. 

3. Do you think Google has taken adequate measures to protect its user's privacy? Explain your answer.

ANSWER : It is true that google provides protection to informations. One of these is, they provide privacy settings for the user that he/she may regulate cookies or data stored within his/her PC. But is this enough?google stores several personal information everyday. and they have now massive amounts of data which we all know may breach maybe due to hackers or human error.