September 24, 2011
Many medical devices have telemetry requirements, which require patient data both to be present within the device’s resident memory and to be transmitted from the device to a monitoring or record-preservation device (hard drive or tape). During transmission, are the content or command/control sequences protected? Do they need to be? Unfortunately, yes. The data must be protected not only from a PHI-data disclosure perspective, but also from a data-corruption perspective.
Tags: C&C, CNET, Command & Control, Command and Control, Congress, data breach, data security, Device Security, Elinor Mills, GAO, HIMSS, Jay Radcliffe, medical device manufacturer, Medical Devices, Medical Marcom, Medical Security, medical telemetry, NEMA, Personal Health Information, PHI, Privacy Rights Clearinghouse
July 31, 2011
I have always been an advocate of protecting one’s personal information and privacy and was personally pleased when the HIPAA standards came into being, as this raised the tide for all medical care providers to a common level of information protection. Indeed, doctors, dentists, insurers, health organizations, hospitals and clinics all moved to have their data handling and storage reviewed and certified as being HIPAA compliant.
Sadly, being compliant is not synonymous with being secure. According to the Privacy Rights Clearinghouse there have been more than 87 separate data breaches made public from January 1 – June 10, 2011, which in aggregate affected more than 5,000,000 individuals’ records. Let’s look at the variety of ways patient data were compromised and how every one of these losses was avoidable.
Tags: back-up data, data breach, data loss, document destruction, fraud, health care, HIPAA, identity theft, idtheft, medical, Patient Data, patient's data, safe guards, shredding, university medical center