|
Written by Bradley Siddell
|
 Johns Hopkins
University has started to notify university employees and
hospital patients that tapes containing personal information have been missing
for seven weeks. Hopkins
officials said the tapes did not contain patient medical information, and they
believe the data has not been compromised. Eight of the tapes from university
computers held Social Security numbers, addresses, and direct-deposit bank
account information for 52,567 current and former employees, and were sent to a
contractor to make microfiche copies of the data for archives.
|
|
Read more...
|
|
|
Written by Bradley Siddell
|
 In reaction to privacy advocates' concerns over In-Q-Tel's investment in a Canadian software company that develops patient medical records applications, Ontario's information and privacy commissioner Ann Cavoukian launched an investigation to determine if any private data was exposed to the CIA. The software firm, Initiate Systems, Inc. develops software that manages patient records in Ontario and other Canadian provinces. The investigation showed that personal medical data was not at risk for exposure to U.S. intelligence collection as a result of Initiate's relationship with In-Q-Tel, the CIA's venture capital wing. Doug Tighe, an In-Q-Tel spokesman, said that is what his organization maintained all along. Tighe said that just because the CIA was interested in the same data management programs used for Canadian medical records, it did not mean the CIA was interested in Canadians' medical data.
Source: Washington Post
|
|
|
Written by Glen Cunningham
|
|
An article entitled "THIEF NABS SENSITIVE LAPTOP" in the Edmonton Sun on Wednesday July 26, 2006 shows the concern over proper security needed for medical and personal information.
About 8,000 clients of MD Management, a subsidiary of the Canadian Medical Association, had their records stored on a laptop by an employee. Guy Belanger, president of MD Financial Group, said the computer was taken when the employee's car was broken into.
Belanger said the information was protected by a password.
If they had followed the POSP protocol of 2 factor security, this would not be as much of a concern. There are strict guidelines on laptop security.
If you have any concerns about your technical security, call Glen at 780-968-1333 for an evaluation.
|
|
|
Written by Glen Cunningham
|
|
Specific safe guards for security of medical clinics are a
growing issue that physicians are becoming more concerned with. There are many issues from the new
technologies that are being used to support EMR and EHR . I am including a table that shows the specific incidents and threats with safeguards that can
alleviate them. Trinus has expertise in most of these safe guards and does work
in medical offices to provide the support need to achieve reduced risk.
View the safeguard table
|
|
|
Written by Jason Vance
|
|
There are many levels of security with regards to the implementation of EMR (electronic medical records). In fact, there are volumes of security protocols that health care centres need to follow in order to maintain compliance with Alberta Legislation.
Here are a few key protocols issued within the Vendor Conformance and Usability Requirements document published by POSP (Phyisican Operating Systems Program)
Physical Security - It is essential for two factor authentication when accessing medical records outside a secure zone. This could inlude password authentication, as well as a physical authentication like a finger print scanner.
Planning - A Security Threat /Risk assessment must be done every two years
Providing - Ensuring audit information is available and reviewed
Technology - It is important that proactive maintenance is performed on all technology equipment to ensure the latest security holes are patched. It is also important to have updated components, such as firewalls, gateways, and antivirus software.
Trinus would be able to provide a security assessment to establish any gaps that there could be for your organization, so contact us for further information.
|
|
|
RSS Links
The issues relative to EHR and EMR are very complex. Our goal is to discuss your concerns, identify the challenges and implement solutions that protect the confidentiality of Health Information.
