Category: Privacy

  • Procedures are not a substitute for ethical behavior

    Are procedures a substitute for responsible and ethical behavior? The behavior of former Secretary of State (and Presidential race loser) Hillary Clinton is an important example of how feeling entitled is not the exclusive domain of under 20-somethings. When we do a threat analysis of medical devices, we try to look beyond the technical security […]

  • Kick start your European privacy compliance

    The CNIL’s Sanctions Committee issues a 150 000 € monetary penalty to GOOGLE Inc. On 3 January 2014, the CNIL’s Sanctions Committee issued a 150 000 € monetary penalty to GOOGLE Inc. upon considering that the privacy policy implemented since 1 March 2012 does not comply with the French Data Protection Act. It ordered the company […]

  • The dangers of default passwords – 37% of Data Breaches Found to be Malicious Attacks

    A malicious attack by malware or spear phishing on valuable data assets like PHI (protected health information) exploits known vulnerabilities, and one of the most common vulnerabilities in medical devices and healthcare IT systems is default passwords. “Researchers Billy Rios and Terry McCorkle of Cylance have reported a hard-coded password vulnerability affecting a wide variety of […]

  • The Private Social Network for healthcare

    In his post on the Pathcare blog, I trust you to keep this private, Danny Lieberman talked about the roles that trust, security and privacy play in online healthcare interactions. In this post, Danny talks about healthcare privacy challenges in social networks and describes how to implement a private social network for healthcare without government privacy […]

  • Can I use Dropbox for storing healthcare data?

    First of all, I’m a great fan of Dropbox. It’s easy to use, fast, runs on Windows, Mac and Linux and that means you can share files with colleagues and patients for consultations because that old assumption (that a lot of vendors still make by the way) that everyone is on Windows just isn’t true these […]

  • How to keep secrets in healthcare online

    The roles of trust, security and privacy in healthcare. If President Obama had told his psychiatrist he was gay, you can bet that it would be on Facebook in 5′. So much for privacy. pri·va·cy /ˈprīvəsē/ Noun: The state or condition of being free from being observed or disturbed by other people. The state of being […]

  • Insecurity by compliance

    If a little compliance creates a false sense of security, then a lot of compliance regulation creates an atmosphere of feeling secure, while most businesses and Web services are in fact very insecure. Is a free market democracy doomed to suffer from privacy breaches – by definition? My father is a retired PhD […]

  • Monica Bellucci and Security

    Trends – security and movie stars, Manuela Arcuri and Monica Bellucci, Verisign and McAfee. Information security and risk analysis is complex stuff, with multiple dimensions of people, software, performance, management, technology, assets, threats, vulnerabilities and control relationships. This is why it’s hard to sell security to organizations. But, information security is also a lot like fashion with cyclical […]

  • Healthcare data interoperability pain

    Data without interoperability = pain. What is happening in the US healthcare space is fascinating as stimulus funds (or what they call in the Middle East – “baksheesh”) are being paid to doctors to acquire an Electronic Health Records system that has “meaningful use”. The term “meaningful use” is vaguely defined in the stimulus bill […]

  • Customer convenience or customer privacy

    This is a presentation I gave at the UPU (Universal Postal Union) EPSG (Electronic Products and Services Working Group) working meeting in Bern on Feb 20, 2007. About 25 people from 20 countries were present and it was a great experience for me to hear how Postal operations see themselves and what they do in […]