September 11, 2011 at 11:39 pm
Comments posted to this topic are about the item A Matter of Life or Death
Follow me on Twitter: http://www.twitter.com/way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
September 12, 2011 at 1:34 am
Pacemakers, helps the heart control the speed and the pumping, are said to be very easy to hack. So if someone wanted it should not be much trouble. The pacemakers are calibrated and adjusted to each individual that has one individually by radio-waves and no one else with a pacemaker is allowed to be close by because their pacemaker might be adjusted then as well.
But no, I do not know about anyone who has died because of a data breach. However, who knows what goes on in military spy operations or such things...
September 12, 2011 at 5:31 am
I've seen a recent post on hacking insulin pumps in order to hijack their control as well a survey of corporate infosec professionals (typically CISSPs) that they don't believe their organizations will be targets.
If companies would even take the first step for an employee awareness campaign, I believe it would help make them more secure beyond where they are today.
September 12, 2011 at 6:50 am
Over 10 years ago I applied for life insurance supplemental to my company's and was told that I would have a higher rate because of my diabetes and loss of limb and blindness associated with advanced stages of the disease.
The only problem is I still have all my limbs and digits and better than 20/20 vision in both eyes. And I've never had diabetes.
I was told that the Insurance industry has a risk and actuarial database that showed me with these issues and that there was no recourse. Indeed I've not found one in a decade. In the past decade I've also still paid an inflated premium for life insurance.
I have also ended up having to get a physical anytime there was an insurance related increase in my life insurance or when I bought my house Mortgage Insurance in the past decade because of this record.
At the time this occurred virus's and identity theft was virtually unheard of so I view that this was a HUMAN error.
The premiums are killing me.
So Steve, maybe it hasn't killed anyone yet but it's not from lack of trying.
September 12, 2011 at 7:19 am
I am the Sr. Data Architect at Indiana Health Information Exchange, the nation's largest and oldest exchange of medical and health data. Security and accuracy are an extreme concern here because the information that we gather and report are used to literally save patient's lives. I can't imagine a worse scenario than the one depicted in the novel Steve mentioned.
If a patient arrives at one of our participating hospital's emergency department, the attending doctor can pull up an abstract of the patient's entire medical history regardless of hospital network. This has saved the lives of many unconscious patients who could not relate their allergies or conditions but the data was able to inform the doctor. It also reduces unnecessary tests and scans since the results are readily available as well.
The Quality Health First program is also leading the way in using patient information to measure how well doctors are performing for their patients in treating and preventing chronic illnesses and conditions. Our measure calculations software processes millions of patient events to perform 20 different quality measures. The latest version (running on SQL Server 2008 in stored procedures) can calculate all of this for millions of patients in as little as 1.5 hours on a 8 core, 8GB memory VM server!
LinkedIn: http://www.linkedin.com/in/sqlrv
Twitter: http://www.twitter.com/sqlrv
Website: http://sqlrv.com
September 12, 2011 at 7:27 am
Aaron N. Cutshall (9/12/2011)
I am the Sr. Data Architect at Indiana Health Information Exchange, the nation's largest and oldest exchange of medical and health data. Security and accuracy are an extreme concern here because the information that we gather and report are used to literally save patient's lives. I can't imagine a worse scenario than the one depicted in the novel Steve mentioned.
It would be horrible, but these days with the cost of health care and the identity theft that occurs, it will only be a matter of time. Hopefully if it happens it's the thief that has trouble, not a victim.
Follow me on Twitter: http://www.twitter.com/way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
September 12, 2011 at 7:30 am
Saying there hasn't been a death yet is ridiculous. Did the author investigate every death in every hospital, clinic and doctor's office?
I think it is fair to say nobody has identified one.
It is just a matter of time. With illegal immigration, hospitals are being destroyed by people coming in, using someone elses information, then not paying. Yes it hurts the individual, but it hurts the hospitals more. You and I pay more BECAUSE of things like this. (Another major cost is incompetent doctors, but that is off topic.) Health insurance costs are rising so quickly in part because hospitals are not getting reimbursed by the government for valid cases and not at all for fraudulent cases. Private insurance pays a higher rate due to this. You don't even want to know what happens to those without insurance who actually are here legally! No discount...
The so called health reform bill makes it worse. You have to pass it before we can read it resulted in the government creating a group of people totally without any contols over them that have the ability to define who gets what. Do we doubt people are going to start hacking records to influence what treatments are allowed? I don't.
Hospitals (along with every other business in this country) do NOT protect their data sufficiently. As a comparison, recently people could monitor communications with Predator and Global Hawk drones! The military doesn't secure things, do we think private industry does?
The post from the person who pays an arm and a leg for insurance because the insurance company says he doesn't have any is not a rare example, it is common. Soon we will be paying more based on genetic tests. You have the cancer gene, no coverage. You have the heart disease gene, no coverage unless you are under 20. Do we believe companies are going to be honest in their treatment of people then? Wasn't insurance supposed to "group" people to moderate the risk? Now if you have a risk you can't join a group, do we believe people won't hack records to change this?
There are dishonest people everywhere. Hacked records that kill someone are a fact we have not yet discovered or something that will happen soon. We aren't doing our best to prevent it.
Dave
September 12, 2011 at 7:32 am
One thing I forgot, soon your health records will be shared across the nation with anyone who wants access. It is called HIE's and HEN's. These groups will be requiring hospitals and doctors to share information on every patient. Your only recourse, to opt out.
Yes that is right, we are going to take health records for every American and FORCE them to be shared with ANYONE who claims an interest! You can do nothing about it either, because they aren't providing a reliable way to opt out and guarantee it, and they aren't even worrying about security. It is all about how to share the date easily, security may come later, probably not.
Dave
September 12, 2011 at 7:53 am
djackson 22568 (9/12/2011)
One thing I forgot, soon your health records will be shared across the nation with anyone who wants access. It is called HIE's and HEN's. These groups will be requiring hospitals and doctors to share information on every patient. Your only recourse, to opt out.Yes that is right, we are going to take health records for every American and FORCE them to be shared with ANYONE who claims an interest! You can do nothing about it either, because they aren't providing a reliable way to opt out and guarantee it, and they aren't even worrying about security. It is all about how to share the date easily, security may come later, probably not.
Dave, I beg to disagree. As an HIE, while it is important to have APPROPRIATE access to APPROPRIATE medical records to provide the services that we do to improve the patient's healthcare, it is most certainly not shared with "ANYONE who claims an interest!" Security is paramount and actually impedes the ease of data sharing -- which is as it should be. We encrypt and monitor the data that we store. Access to the data is certainly not wide open and we track who has accessed the data and for what purpose. We have strict rules to follow with severe penalties for not adhering to the rules. Would my job be easier without such rules? Of course! But it would certainly not be better for patients! All of our work is based upon using only the minimal amount of data necessary and we have to be able to justify any and all of that data use.
I have noticed that people seem to be more concerned with their personal health information (PHI) than they are about their financial records. Seemingly some of the same people who have no problem submitting their credit card online or managing their bank accounts online also balk at sharing their health information from one health care provider to another. Yes, patients can opt out of the system of having their PHI stored and shared, but they would not enjoy the benefit of the HIE either. Patients who do not participate cannot benefit.
LinkedIn: http://www.linkedin.com/in/sqlrv
Twitter: http://www.twitter.com/sqlrv
Website: http://sqlrv.com
September 12, 2011 at 8:31 am
Aaron N. Cutshall (9/12/2011)
Dave, I beg to disagree. As an HIE, while it is important to have APPROPRIATE access to APPROPRIATE medical records to provide the services that we do to improve the patient's healthcare, it is most certainly not shared with "ANYONE who claims an interest!" Security is paramount and actually impedes the ease of data sharing -- which is as it should be. We encrypt and monitor the data that we store. Access to the data is certainly not wide open and we track who has accessed the data and for what purpose. We have strict rules to follow with severe penalties for not adhering to the rules. Would my job be easier without such rules? Of course! But it would certainly not be better for patients! All of our work is based upon using only the minimal amount of data necessary and we have to be able to justify any and all of that data use.
With the advent of obama-care and even more government involvement in peoples lives the risks for fraud and abuse will increase. I wish I could share your optimism but past experience with government competency and efficiency proves otherwise. Like the TSA "rent-a-cops" caught stealing peoples personal property we will see the same thing with their personal information.
The probability of survival is inversely proportional to the angle of arrival.
September 12, 2011 at 8:37 am
sturner (9/12/2011)
With the advent of obama-care and even more government involvement in peoples lives the risks for fraud and abuse will increase. I wish I could share your optimism but past experience with government competency and efficiency proves otherwise. Like the TSA "rent-a-cops" caught stealing peoples personal property we will see the same thing with their personal information.
I'm sorry that you feel that way. I can't speak for other organizations, but I do know that here at least security is taken very seriously. You read in the papers about various data breaches (most unintentional) and our COO has made things quite clear in stating that "we will not be one of those articles in the paper -- ever!" Data security is so tight that it does impede upon what we're trying to accomplish. But then, that's also the point that security comes first.
LinkedIn: http://www.linkedin.com/in/sqlrv
Twitter: http://www.twitter.com/sqlrv
Website: http://sqlrv.com
September 12, 2011 at 8:53 am
Aaron N. Cutshall (9/12/2011)
I'm sorry that you feel that way.
So am I. Having paid into government programs & scams all my life (taxes, Social [in]Security, medicare, FUT etc.) and hearing the promises and seeing the bankrupt results is not encouraging.
If the programs were voluntary instead of mandatory they would have to demonstrate competence and efficiency in short order. Whenevr something is mandatory get ready and grab your ankles.
The probability of survival is inversely proportional to the angle of arrival.
September 12, 2011 at 9:05 am
Mandatory participation does sound intimidating and authoritarian, but in this case it also saves lives. For example, if you arrive at a hospital's ED unconscious and emergency medication that is normally given in your condition were given but the last hospital that you went to did not participate then the doctors may not know about the allergy you have to the medication that was reported in the last hospital. Your life could be placed into jeopardy because of gaps in information. An incomplete picture is often times just as dangerous if not more so than no information at all.
You're also correct that the success of this also depends upon people being reputable stewards of your information. This is not so different in the financial world that is also heavily scrutinized by governmental rules and regulations. In fact, because of the paranoia that people have with their PHI and the regulations that have arisen as a result, I feel that my PHI is more secure than my financial information!
LinkedIn: http://www.linkedin.com/in/sqlrv
Twitter: http://www.twitter.com/sqlrv
Website: http://sqlrv.com
September 12, 2011 at 9:38 am
To shed a little different light on the conversation and shy away from the easily bashable healthcare disaster.
Military data could jeopardize lives. Time tables, personnel schedules, artillery coordinates, munitions locations, troop movements, and on and on. All these things would put someone's life at risk if it were mishandled or insecure.
Data related to manned space missions (and unmanned) and nuclear technology could also jeopardize lives. These tolerances for success and safety are sometimes non-existent.
GPS coordinates would easily endanger someone's life. Imagine global positioning being off by a mile (or kilometer for you other people).
Building tolerances (structures/air frames/automobiles/ships/subs etc). All this data and these algorithms must be held in a database somewhere.
No matter what data you're administering, it more likely than not has a real impact on our day to day lives. We must always be vigilant.
September 12, 2011 at 11:15 am
That reminds me of the Sandra Bullock film "The Net". One of her colleagues dies because the computer instructs the nurse to administer penicillin which proves fatal to the patient. Not a great film in terms of realism or technology, but it was scary then and it's even more scary now.
Viewing 15 posts - 1 through 15 (of 22 total)
You must be logged in to reply to this topic. Login to reply