Tag Archives: Social Networking

The Private Social Network for healthcare

In his post on the Pathcare blog, I trust you to keep this private, Danny Lieberman talked about the roles that trust, security and privacy play in online healthcare interactions. In this post, Danny talks about healthcare privacy challenges in social networks and describes how to implement a private social network for healthcare without government privacy regulation and IT balls and chains.

Online interactions with our HMO

We have online interactions with our healthcare organizations: accessing a Web portal for medical history, scheduling visits, etc. Our PHI (protected healthcare information) is hopefully well-secured by our healthcare provider under government regulation (HIPAA in the US, and the Data Protection Directive in the EU). However, in the name of privacy, healthcare providers often take security to absurd extremes; witness the following anecdote:

I tried using online medical services with my provider in Hawaii but they could not respond due to my not being in Hawaii. What good are online diagnostic services when the patient is not in his/her home state?

Well now, I thought, that’s why Al Gore invented the Internet so that we could access healthcare services anywhere, anytime. Guess not. With our healthcare provider, we interact with the IT department. Bummer. On Facebook we interact with our friends. Compassion.

A healthcare provider’s business model requires them to protect your health information from disclosure. This is generally interpreted as doing as little as possible to help you be healthy. Social media business models require them to maximize distribution of your content. This means that your privacy is up to you and the people you connect with.

It seems obvious to me that privacy regulation cannot work in social media because the connectivity is so high. There is no central data center where you can install IPS and DLP systems and implement all of the HIPAA CFR 45 Appendix A administrative, physical and technical safeguards. In that case, let’s get back to basics. We agree that privacy in our healthcare interactions is critical.

What is privacy?

pri·va·cy/ˈprīvəsē/

  1. The state or condition of being free from being observed or disturbed by other people.
  2. The state of being free from public attention

Healthcare privacy by design

Just like you are alone with your doctor in his office, we can build a private social network where the topology of the network guarantees privacy. We describe a star topology where one doctor interacts with many patients. We guarantee online privacy in our star topology network with 3 simple principles:

  1. Each doctor has his own private network of patients.
  2. In the private network, patients do not interact with other patients (interact as in friending, messaging etc.). We can expand the definition a bit by allowing a patient to friend another person in a caregiver role, but this is the only exception to the rule.
  3. A doctor’s private network does not overlap with other doctor networks, although doctors connect with each other for referrals.

This is a private network for healthcare by design.
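The three principles can be enforced as a default-deny connection policy. The sketch below is an added example, not code from the original post or from any product it describes; the class and method names, the handling of the caregiver role, and the reading of principle 3 as "a patient belongs to exactly one doctor's network" are assumptions made for illustration.

```python
from enum import Enum


class Role(Enum):
    DOCTOR = "doctor"
    PATIENT = "patient"
    CAREGIVER = "caregiver"


class PolicyError(Exception):
    """Raised when a requested connection would break the star topology."""


class PrivateNetwork:
    def __init__(self):
        self.roles = {}         # member id -> Role
        self.doctor_of = {}     # patient id -> the one doctor whose star they are in
        self.caregivers = {}    # patient id -> set of caregiver ids
        self.referrals = set()  # frozenset({doctor_a, doctor_b})

    def add_member(self, member_id, role):
        if member_id in self.roles:
            raise ValueError(f"duplicate member id: {member_id}")
        self.roles[member_id] = role

    def connect(self, a, b):
        """Create the edge a-b if the three principles allow it, else raise."""
        if a == b or a not in self.roles or b not in self.roles:
            raise PolicyError("unknown member or self-connection")
        pair = {self.roles[a], self.roles[b]}
        if pair == {Role.DOCTOR, Role.PATIENT}:
            doctor, patient = (a, b) if self.roles[a] is Role.DOCTOR else (b, a)
            if self.doctor_of.get(patient) not in (None, doctor):
                raise PolicyError("principle 3: patient is in another doctor's network")
            self.doctor_of[patient] = doctor
        elif pair == {Role.PATIENT}:
            raise PolicyError("principle 2: patients do not connect to patients")
        elif pair == {Role.PATIENT, Role.CAREGIVER}:
            patient, carer = (a, b) if self.roles[a] is Role.PATIENT else (b, a)
            self.caregivers.setdefault(patient, set()).add(carer)
        elif pair == {Role.DOCTOR}:
            # Referral link between doctors; it does not merge their networks.
            self.referrals.add(frozenset((a, b)))
        else:
            raise PolicyError("not covered by the three principles: denied")

    def can_see(self, viewer, subject):
        """True if viewer may read what subject shares."""
        if viewer == subject:
            return True
        if self.doctor_of.get(subject) == viewer:        # doctor reads own patient
            return True
        if self.doctor_of.get(viewer) == subject:        # patient reads own doctor
            return True
        if viewer in self.caregivers.get(subject, ()):   # caregiver reads their patient
            return True
        if subject in self.caregivers.get(viewer, ()):   # patient reads own caregiver
            return True
        # A referral edge exists only between two doctors, never to a patient.
        return frozenset((viewer, subject)) in self.referrals


def demo():
    """Constructed sample: two doctors, two patients, one caregiver."""
    net = PrivateNetwork()
    for member_id, role in [("dr_a", Role.DOCTOR), ("dr_b", Role.DOCTOR),
                            ("p1", Role.PATIENT), ("p2", Role.PATIENT),
                            ("c1", Role.CAREGIVER)]:
        net.add_member(member_id, role)
    net.connect("dr_a", "p1")
    net.connect("dr_b", "p2")
    net.connect("p1", "c1")
    net.connect("dr_a", "dr_b")
    denied = []
    for a, b in [("p1", "p2"), ("dr_b", "p1"), ("c1", "dr_a")]:
        try:
            net.connect(a, b)
        except PolicyError as err:
            denied.append((a, b, str(err)))
    return net, denied


if __name__ == "__main__":
    network, refused = demo()
    for a, b, reason in refused:
        print(f"{a} -> {b}: {reason}")
```

The referral edge between `dr_a` and `dr_b` gives neither doctor visibility into the other's patients, which is the property the topology is meant to guarantee.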

What makes it a private social network, is the use of the same social apps we use in social media like Twitter and Facebook: friending, short messaging, status updates, groups, content sharing and commenting/liking.

A doctor uses a private social network for healthcare with the same 3 basic primitives of public social networking: Connect (or friend), Follow and Share.

One of the things that excites me the most about private social networks for healthcare is the potential to make the information technology go away and put the focus back on the patient-physician interaction and quality of clinical care.

  • Doctors save time in interviews because patients can record events and experiences before they come in to the office.
  • Data is more accurate since patients can record critical events like falls and BP drops, in proximity to the event itself.
  • Better data makes physician decisions easier and faster.
  • Better data is good for health and easier and faster is good for business.

What a beautiful business model – compassion, care and great business!

Tell your friends and colleagues about us. Thanks!

How to keep secrets in healthcare online


The roles of trust, security and privacy in healthcare.  If President Obama had told his psychiatrist he was gay, you can bet that it would be on Facebook in 5′. So much for privacy.

pri·va·cy/ˈprīvəsē/

Noun:

The state or condition of being free from being observed or disturbed by other people.

The state of being free from public attention

When it comes to healthcare information, there have always been two circles of trust – the trust relationship with your physician and the trust that you place in your healthcare provider/insurance company/government health service.

With social networks like Facebook, a third circle of trust has been created: the circle of trust between you and your friends in the social network.

Patient-doctor privacy

When we share our medical situation with our doctor, we assume we can trust her to keep it private in order to help us get well. Otherwise – we might never share information regarding those pains in the right side of our abdomen, and discover after an ultrasound has been done, that our fatty liver is closely related to imbibing too many pints of beer and vodka chasers with the mates after work – when you have been telling the missus that you are working late at the office.

Healthcare provider – patient privacy

When we share medical information with our healthcare provider, we trust their information security as being strong enough to protect our medical information from a data breach. Certainly – as consumers of healthcare services, it’s impossible for us to audit the effectiveness of their security portfolio.

With our healthcare provider, revealing personal information depends on how much we trust them and that trust depends on how good a job they do on information security, and how effectively they implemented the right management, technical and physical safeguards.

If you’re not sure about the privacy, trust and security triangle, just consider Swiss banks.

Millions of people have online healthcare interactions – asking doctors questions online, sharing experiences in forums, interacting with doctors using social media tools like blogs and groups and of course – asking Dr. Google.

Privacy among friends

When we share medical information with our friends on Facebook/Google+ or Twitter we trust them to keep it private within our own personal parameters of vulnerability analysis.

Note that there is feeling secure (but not being secure – chatting about your career in crime on Facebook) and being secure while not feeling secure (not wanting to use your credit card online – face it, with over 300 million credit cards breached in the past 5 years, chances are, your credit card is out there and it doesn’t seem to make a difference now, does it?).

Trust between 2 people interacting (whether it’s face-to-face or on Facebook) is key to sharing sensitive information, since it mitigates or eliminates the damage of unexpected disclosure.

Let’s illustrate the notion of personal trust as a security countermeasure for unexpected disclosure with a story:

Larry interacts with his lawyer Sarah regularly, once a week or more. It’s a professional relationship, and over time, Larry and Sarah gain each other’s trust, and in addition to contracts and commercial terms and conditions, the conversations encompass children, career and life. Larry knows Sarah is divorced and is empathetic to the challenges of being a full-time mother and corporate lawyer. Come end of year, Larry sends Sarah a box of chocolate wishing her a successful and prosperous New Year. Sarah’s 14 year old daughter, who is pushing her to start dating again, sees the gift package and draws conclusions that Mom has a new beau. Sarah now has to go into damage control mode with a teenage daughter. It may take Larry months (if ever…) to regain the trust of his colleague. This is literally the damage of unexpected disclosure of private information.

Unlike a healthcare provider, on Facebook we only interact with our friends.

We have digital interactions with our healthcare provider, accessing a Web portal for medical history, scheduling visits and lab tests online etc. These are interactions unrelated to the personal relationship with our physician. The data in these interactions is regulated by governments and secured by healthcare provider information security organizations.

Your healthcare provider’s business model requires them to protect your health information from disclosure.

In our digital interactions on Facebook or Twitter, there is no organizational element to the security, trust and privacy equation, only the personal element. This is because your Gmail, tweets and Facebook conversations are the content that drives Google, Twitter and Facebook advertising revenues.

Social media business models require them to distribute as much of your content as possible.

So, is there a reasonable solution to ensure private healthcare interactions on social networks?

The answer,  I believe, lies in getting back to the dictionary definition of privacy, and creating a private social network for healthcare that enables you, your doctor and family to “be free from being observed or disturbed by other people”.


Tahrir square – the high-tech version

From Wired

The revolt that started a year ago today in Egypt was spread by Twitter and YouTube, or so the popular conception goes. But a group of Navy-backed researchers has a more controversial thesis: Egyptians were infected by the idea of overthrowing their dictator.

Using epidemiological modeling to chart the discussions and their trajectory online is an interesting idea; I don’t think that they are the first ones to do it. It’s a different approach to social network analysis which analyzes social phenomena through the properties of relations between and within units instead of the properties of these units themselves. This approach apparently considers trajectories of content combined with natural language analysis to determine what people in certain regions, of certain age groups, genders, or any number of other demographics, are discussing.

We’ve seen how content interception, classification and analysis has had success in the enterprise information security space – in particular with identifying data leaks by trusted insiders and unauthorized disclosure of intellectual property. Doing it on a national or global scale is much more than computing power. It’s also understanding the political milieu and intent of the subjects, a powerful challenge for any intelligence organization.

I’m not sure how they collect the actual demographics, handle historical data, deliberate disinformation or feedback effects or even if their model is a good fit for the problem but it’s thought provoking.


Anatonme – a hand held device for improving patient-doctor communications

From a recent article in Healthcare Global.

Studies suggest that 30-50 percent of patients are likely to give up treatments early.  Microsoft Research has developed an innovative, hand-held medical device called Anatonme to help patients understand their issue and complete their treatment plan more often.

We’ve been doing research and development into private, controlled social networking to reinforce private communications between doctor and patient. It’s gratifying to see Microsoft Research doing work in this area.

Private social networking for doctors and patients provides highly effective secure data sharing between doctors and patients. It allows patient-mediated input of data before visits to the office, making the clinical data more accurate and complete and boosting the trust between doctor/healthcare worker and patient.

A private social network has a controlled 1 to N (doctor to patients) topology and physiological and emotional context, unlike Facebook that has a distracting social graph and entertainment context.

A private social network for doctors and patients also provides powerful information exchange and search:

  1. Captures critical events on a timeline (for example blood pressure, dizziness etc.), which enables the doctor to respond in a timely fashion.
  2. Reconciles differences between what the doctor ordered and what the patient did.
  3. Provides granular access control for sharing of data between doctor, patient and referrals.

If you’re interested in hearing more – contact us.


Lies of social networking

Is marketing age segmentation dead?

My sister-in-law Ella and husband Moshe came over last night for coffee. Moshe and I sat outside on our porch, so he could smoke his cigars and we rambled over a bunch of topics, private networking,  online banking and the Israeli stock market.  Moshe grumbled about his stock broker not knowing about customer segmentation and how he used the same investment policy with all his clients.   A few anecdotes like that and I realized:

Facebook doesn’t segment friends

There is an outstanding presentation from a person in Google Research discussing this very point – a lack of segmentation in social networks:

http://www.slideshare.net/padday/the-real-life-social-network-v2

Almost every social networking site makes 4 assumptions, despite the fact that there is ample evidence that they’re wrong.

  1. Your friends are equally important
  2. Your friends are arranged into discrete groups
  3. You can manage hundreds of friends
  4. Friendship is reciprocal and equal

In fact:

  1. People tend to have 4 – 6 groups
  2. Each group has 2-10 people
  3. There are strong ties and weak ties.
  4. Strong ties are always in the physical world and are < 6
  5. Weak ties in a business context are < 150


Configuring email notifications to be friendly but secure

I have commented in the past on the generally low security level of Microsoft ASP.Net web applications which stems from the closed Microsoft monoculture and a product strategy that prioritizes ease of use over security and privacy by hiding features and functionality from the user.

In the course of a security audit/penetration test of a social networking Web site this week that was developed and deployed on Ubuntu, I was reminded yet again that we all have something to learn.  Even Linux geeks.

A common Web 2.0 rich Web application system deployment involves a Web server running PHP and postfix for delivery of email notifications to Web site members. There are 4 key system requirements for such a deployment:

  • A. Deploy as a null client, i.e., as a machine that receives no mail from the network, and does not deliver any mail locally. This is a hugely important requirement for not turning your Web server into a launchpad for spammers.
  • B. Rewrite the default Apache www-data@domain with something more meaningful like domain@domain.com without changing PHP code. This is both a usability issue and a security issue, since it is a bad idea to advertise the fact that your Web site operations are clueless to the point of not knowing how to change default LAMP settings.
  • C. Provide a human-readable From: in the header so that the users of your great Web 2.0 social media app will see real names instead of your domain. This is definitely a usability issue unrelated to security.
  • D. Mask the email addresses of your users so that you don’t disclose personal information. This is a basic data security and privacy requirement.
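Requirements C and D can be checked at the point where the notification is built. The following Python sketch is an added example, not the site's PHP code or the configuration from the original post; the site name, example.com, the `reply+…` alias scheme, the HMAC key and the member record are constructed assumptions. It uses a fixed site sender in place of www-data@host, whereas the post asks for that rewrite (requirement B) to happen without changing application code.

```python
import hashlib
import hmac
from email.message import EmailMessage
from email.utils import formataddr, parseaddr

SITE_NAME = "Example Network"                  # hypothetical site name
SITE_DOMAIN = "example.com"                    # placeholder domain
SITE_SENDER = f"notifications@{SITE_DOMAIN}"   # fixed sender instead of www-data@host
ALIAS_KEY = b"constructed-demo-key"            # constructed; keep a real key out of source


def reply_alias(member_id):
    """Requirement D: opaque reply address that only the site can map to a member."""
    tag = hmac.new(ALIAS_KEY, member_id.encode(), hashlib.sha256).hexdigest()[:16]
    return f"reply+{tag}@{SITE_DOMAIN}"


def one_line(text):
    """Collapse CR/LF and runs of whitespace so profile text stays in one header."""
    return " ".join(text.split())


def build_notification(sender, recipient_addr, subject, body):
    """sender is a member record; only its name and id are used, never its email."""
    msg = EmailMessage()
    display = f"{one_line(sender['name'])} via {SITE_NAME}"
    msg["From"] = formataddr((display, SITE_SENDER))   # requirement C: real name shown
    msg["Reply-To"] = reply_alias(sender["id"])        # requirement D: address masked
    msg["To"] = recipient_addr
    msg["Subject"] = one_line(subject)
    msg.set_content(body)
    return msg


# Constructed sample member; the name carries a line break to exercise one_line().
DANA = {"id": "member-42", "name": "Dana\r\n Levi", "email": "dana.levi@mail.example"}

if __name__ == "__main__":
    print(build_notification(DANA, "dr.cohen@clinic.example",
                             "New message", "Dana sent you a message."))
```

The recipient sees "Dana Levi via Example Network" and can reply through the alias, while the member's own address never appears in the message.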


Software security assessments

In a way, every software security assessment is an exercise in software development. The first step in the software security assessment project is requirements analysis. Requirements analysis is concerned with what the system (whether it be a “traditional” application or a rich Web 2.0 application for social networking) needs to do. This involves examining the requirements of the business itself and the users of the application against the backdrop of cost and engineering constraints such as throughput and response time when the application is deployed on a cloud computing platform.

Business Requirements

  • Business Requirements analysis – Describe the business and its customers, suppliers and users, problems, issues and expectations. This is essential when developing a new application, but also crucial when you’re making significant changes to an application. “Why” do you want to develop the software and “how much” is it going to cost? Is there a ROI (return on investment)? Can your team develop and implement the product?
  • P.I.E – Problems, Issues and Expectations – Describe current problems and put the issues and expectations that users have in the current environment into separate categories. An expectation may be crucial to success of the project or it may be a “user satisfaction” feature that can be postponed to Revision 9.5.
  • Causes and Consequences – Discuss causes of current system problems and their consequences. You will discover that a problem’s result is often a problem in its own right. You need to drill down to the root cause of the problem, peeling away the symptoms.
  • Target system tasks – Discuss and observe users as they work with the software application. Remember that the important things are (a) how easy it is to install/start using a product, (b) how fast it works and (c) how intuitive the UI is. This is particularly relevant to Web-based applications, where the user experience will make or break the application.
  • System Design Alternatives Analysis – Very few systems are new. In alternatives analysis you will consider the strengths and weaknesses of existing approaches including not doing the project at all.

Software security requirements

A business requirements analysis is not enough to ensure that a system meets the real needs of its users or that it will ever succeed in the real world as a product. In fact, reducing a system specification to a set of required functions, without regard to how the functions are used or how they will be implemented in real hardware/software by real people, is a guarantee for failure. The design of a new system or major change will usually involve the following steps:

  • Task Decomposition – Business requirements are broken down and mapped into software and hardware modules and features.
  • User stories – A “user story” corresponds to a feature of a system module. Stories are small, typically limited by an estimate to implement the software for a story by one programmer working for one week. The user story needs to stay in sync with the business requirements – and stay away from gold-plating.
  • Data Modeling – Data modeling describes the data elements in the assessed system and the relationships between the data elements. It is done in parallel to developing the “user stories” and ensures that the data needed to do the job is on the model.
  • User Interface Design – The user interface needs to be considered at an early stage in the software security assessment cycle. Functional requirements are combined with the knowledge gathered about users and contexts of use to provide the most appropriate methods of interaction.
  • Incremental assessment by prototyping – Assess a little piece of the system with selected routines and a UI. Security assessment prototyping allows vulnerability hypotheses to be tested, with resulting feedback incorporated into an iterative process of software defect reduction. Early prototypes may be purely paper-based to test the design or may use the application to test the software in vitro.

Government Agencies Need to Comply with White House Directive to Keep WikiLeaks Documents Off of Their Networks

Yes – there is apparently a White House directive to keep Wikileaks documents off Federal networks – according to a directive from the White House Office of Management & Budget on the treatment of classified documents.

WASHINGTON, Nov 29 (Reuters) – The United States said on Monday that it deeply regretted the release of any classified information and would tighten security to prevent leaks such as WikiLeaks’ disclosure of a trove of State Department cables.

More than 250,000 cables were obtained by the whistle-blower website and given to the New York Times and other media groups, which published stories on Sunday exposing the inner workings of U.S. diplomacy, including candid and embarrassing assessments of world leaders.

The U.S. Justice Department said it was conducting a criminal investigation of the leak of classified documents and the White House, State Department and Pentagon all said they were taking steps to prevent such disclosures in future.

While Secretary of State Hillary Clinton said she would not comment directly on the cables or their substance, she said the United States would take aggressive steps to hold responsible those who “stole” them.

In the directive, federal agencies were informed that employees and federal contractors must avoid viewing and/or downloading classified documents that have been leaked via WikiLeaks disclosures. As the information on WikiLeaks is still classified, even if it’s in the public domain, a federal government employee electronically viewing the information from or downloading the information to devices connected to unclassified networks “risks that material still classified will be placed on non-classified systems”

“NOTICE TO EMPLOYEES AND CONTRACTORS CONCERNING SAFEGUARDING OF CLASSIFIED INFORMATION AND USE OF GOVERNMENT INFORMATION TECHNOLOGY SYSTEMS”, Office of Management and Budget, December 3, 2010.

Data security vendor Fidelis Security Systems has announced that they will provide policies in their Network DLP product, Fidelis XPS, to help ensure that employees cannot view or download classified documents.

Fidelis XPS is extremely powerful network DLP technology for high speed (in excess of 2.5GB) content interception and analysis in real time of data entering or leaving a network.   With all due respect to the power of Fidelis network DLP, the White House Directive is nonsense.  It’s more security theater, not security countermeasures, designed to show that the administration is “doing something”.

The directive is nonsense for a number of reasons:

a) Requiring employees and federal contractors to avoid viewing and/or downloading classified documents that have been leaked via WikiLeaks disclosures is like saying – “well, you will have to disconnect yourself from the Internet, from Facebook, from Gmail and your smart phone”. It’s not a practical strategy, since it’s impossible to enforce.

b) The network vector is almost certainly not how the information was leaked.  First of all, this means that network DLP solutions are not an appropriate countermeasure against Wikileaks. Releasing custom network DLP policies for Wikileaks is a crude sort of  link-baiting; misdirected, since Federal decision makers don’t evaluate data security technology  using social media like Facebook.

The Wikileaks documents are provided by trusted insiders that have motive (dislike Obama or Clinton), means (physical, electronic or social access) and opportunity (no one is watching).   There is little utility (besides appearing to be doing something) to install network DLP technology to prevent employees from viewing or downloading.

c) And finally it’s nonsense because the OMB directive talks about viewing and downloading documents and not about leaking.

If the White House is serious about preventing more leaks they should start by firing Secretary Clinton.

Then again – perhaps the wikileaks documents were all leaked under tacit direction from the White House.  Since President Obama has a pattern of sticking it to US friends (Israel, Czech Republic, Poland) whatever embarrassment it might cause friendly allies is more than worth the price of issuing a worthless OMB directive.


What is security?

So what is security anyhow?

Security is not about awareness.

A lot of folks talk about the people factor and how investing in security awareness training is key for data protection.

I think that investing in formal security awareness training, internal advertising campaigns and all kinds of fancy booklets and cards for employees is a waste of time and money.  I prefer a  CEO that says “here are my 4 rules” and tells his staff to abide by them, who tell their direct reports to abide by them until it trickles down to the people at the front desk.  Making common sense security part of the performance review is more effective than posters and HR training.

Security, from this perspective, is indeed an exercise in leadership. Unfortunately, in many organizations, the management board sees themselves as exempt from the information security rules that they demand from their middle managers and employees. It might be a general manager bringing his new notebook into the office, jacking into the corporate LAN and then attaching a wireless USB dongle, effectively bridging the corporate network to the Internet with a capital I, not understanding and not really caring about the vulnerability he just created.

Security is not an enterprise GRC system

If you take a look at the big enterprise GRC systems from companies like Oracle – you see an emphasis placed on MANAGING THE GRC PROCESSES – document management and signature loops for ISO certification, SOX audits etc. I suppose this makes the auditors and CRO and Oracle salesperson happy but it has nothing to do with making secure software. In my world – most hackers attack  software, not audit compliance processes and GRC documentation. In other words – managing  GRC processes is a non-value add for security.

Security doesn’t improve your bottom line

Have you ever asked yourself why security is so hard to sell?

There are two reasons.

1) Security is complex stuff and it’s hard to sell stuff people don’t understand.

2) Security is about mitigating the impact of an event that might not happen, not about making the business operation more effective.

Note a curious trait of human behavior  (formalized in prospect theory – developed by Daniel Kahneman and Amos Tversky in 1979), that people (including managers who buy security) are risk-averse over prospects involving gains, but risk-loving over prospects involving losses.

In other words – a CEO would rather take the risk of a data breach (which might be high impact, but low probability) than invest in DLP technology that he does not understand. Managers are not stupid – they know what needs to be done to make more money or survive in a downturn. If it’s making payroll or getting a machine that makes widgets faster for less money – you can be sure the CEO will sign off on making payroll and buying the machine before she invests in that important DLP system.

Since almost no companies actually maintain security metrics and cost of their assets and security portfolio in order to track Value at Risk versus security portfolio over time – a hypothesis of return on security investment cannot be proven. Indeed – the converse is true – judging by the behavior of most companies – they do not believe that security saves them money.

So what is security?

It’s like brakes on your car. You would not get into a car without brakes or with faulty brakes. But brakes are a safety feature,  not a vehicle function that improves miles per gallon. It’s clear that a driver who has a lighter foot on the brakes will get better mileage, and continuing the analogy, perhaps spending less money on security technology and more on security professionals will get you better return on security investment.

Challenge your assumptions about what makes for effective security in your organization.  Is enterprise security really about multiple networks and multiple firewalls with thousands of rules? Perhaps a simpler firewall configuration in a consolidated enterprise network is more secure and cheaper to operate?


Private social networking for healthcare

I think we’re rapidly approaching a  point in time where people will pay for privacy.  I know that after a super-hot month of August with the house full of kids chain-watching Ratatouille, I would pay someone for some privacy.

The privacy controls that governments are attempting to impose on social media and the technical safeguards that social networks like Facebook are implementing seem to be band-aids on a larger and much more significant two-part problem:

  1. How to enable individuals to control the information they disclose?
  2. How to enable individuals to put their value in front of their social graph?

I believe that the brunt of the public debate has been on question number 1 – primarily because of the sheer size and entertainment/leisure time/socializing/shmoozing/networking elements of Facebook and LinkedIn and other social media web sites.  As Bruce Schneier has noted in some of his recent essays – privacy on the Net is not necessarily about forbidding disclosure  (like the regulators are trying to do with PII and PHI compliance regulation) but about controlling what you share.

But  entertainment, leisure time, socializing and networking are not everything in life – and as a matter of fact – most people go to work and either create, make, sell or buy for a living.   Question number 2 is about increasing your disclosure in a controlled way and putting your value forward to your customers and not behind the company that you represent. Value backwards (as opposed to value forwards) is the way most information technology and big pharma is sold today – you work for a security integrator and you’re reselling someone else’s product extolling the virtues of Websense DLP (like 10 other resellers in your geography) or you’re a medical sales representative for MSD and you’re extolling the advantages of Remicade for treating Crohn’s disease.

But – we all know that the reason the customer is talking to you is because he values you (or thinks you might have something of value to sell).

Last year we did a private, professional networking project for one of the big 3 innovative pharmas at one of their Central European offices. It was a successful clinical trial of what we thought was a good idea – enabling medical sales representatives to place their value in front of their social graph of doctors.   As we approach release of the beta version of a productized version – it seems time to get some feedback on the notion of private, controlled networking. So here it is – feel free to comment online or email me.
