Saturday, December 3, 2011
For users of iPhones, Blackberries, Androids and/or Skype
We live in an age that's nothing short of Orwellian.
There's a new industry that secretly vacuums up your data and preserves it forever on high-end servers that hold many petabytes (a million gigabytes) of information.
WikiLeaks has just released the Spy Files – a trove of almost 300 documents from these companies that shine a light into this industry.
One, a brochure from SS8 of Milpitas, California, touts its Intellego product that allows its owner to see (in real time, if it wants) such things as your draft-only emails, attached files, pictures and videos.
State agencies have expanded their data-collecting to include data on water and sewage billing, visitor logs from parks and recreation facilities and much more.
To read more about this subject, click here for Wikileaks: The Spy Files 2011-12-01
NB: Several posts to this blog have been on the subject of security. I feel that The Spy Files need to be part of any consideration of this subject.
= = = = = = = = =
It turns out that spyware is running on hundreds of millions of smartphones and tablets.
The carriers explain their use of this spyware program in a way that makes it sound harmless. However, it only sounds harmless until you see, among other things, that it is capturing your every key stroke.
With iPhones, which have the program in them, turning off the spyware program is sometimes easy.
If you’re running iOS 5.x, just head to:
Settings > General > About > Diagnostics & Usage
and set it to “Don’t Send”.
If you’re running iOS3 or 4, however, I don’t know of any current way to disable the service.
With Android phones, it’s much trickier, but it can be done. The story on BlackBerries is a bit murky.
Hopefully, because this practice has received a lot of attention recently, the carriers will soon make it simple to disable this spyware for those of you who don’t want to share everything you do on your phones with your phone companies.
Labels: data-collecting, Orwellian, security, Spy Files, Wikileaks
Friday, August 19, 2011
Security Requirements for Electronic Health Records Redux
Click here for a commercial white paper on the title subject from the vendor Symantec. Although much of its content appears in earlier posts to this blog, this white paper presents a good summary of today's conventional wisdom on the subject.
Counter views abound, however. For example, many believe that there is no such thing as cybersecurity. That’s because no system can be 100% secure. There is no uncrackable code.
Monday, February 7, 2011
Wikileaks and EHR Security
As far as the leaked US cables are concerned, the fury of the US administration and of certain US politicians was, for a time, positively comical. It stopped being funny when they began talking about prosecuting Julian Assange for "espionage", given the draconian penalties that a conviction would carry. But the State Department's indignation over the leaks of allegedly valuable secrets was, and remains, preposterous.
Why? Because there is absolutely no way that a huge database containing 250,000 "secret" documents that can be lawfully accessed by more than a million officials can ever be secure. Any security engineer will tell you that it cannot be done: if you want to keep things secret online then the only way to do it is by compartmentalizing the system. Huge, monolithic computer systems are intrinsically insecure.
So, I believe that what is true of Wikileaks is true of Electronic Health Records (EHR) in so far as security (confidentiality) is concerned. Actually, as any reader of his or her hometown newspaper or local TV news knows, all computer systems are potentially insecure. Caveat emptor.
Tuesday, April 13, 2010
Decision Makers Are Not Always "Insiders"
Over the past year or so, this blog has bandied about terms like interoperability, open-source, disambiguation, security and databases. All of this has been from the points of view shared by most "insiders" concerned with the introduction of electronic health records (EHR) systems into their local, regional or even national computer networks. I'm talking about individuals (including me) who typically follow other blogs like http://i2b2-zak.blogspot.com and http://geekdoctor.blogspot.com.
However, there are many more individuals who follow (and whose thinking is influenced by) publications like The Wall Street Journal and The New York Times. What they read are reports like this one: "In a paper published last year, Alessandro Acquisti and Ralph Gross (two researchers from Carnegie Mellon University) reported that they could accurately predict the full, nine-digit Social Security numbers for 8.5 percent of the people born in the United States between 1989 and 2003 — nearly five million individuals." I believe such reports are sometimes more likely to influence their thinking than the reports that you and I read in the blogs (and other publications) written by "insiders." So, with this last thought in mind, I place here links to a few recent articles read by many of the decision makers out there.
http://www.nytimes.com/2009/11/16/business/16records.html?_r=1&scp=4&sq=electronic%20health%20records&st=cse
http://www.nytimes.com/2010/03/17/technology/17privacy.html
http://www.nytimes.com/2010/04/13/opinion/l13privacy.html
http://online.wsj.com/article/SB10001424052748704259304575043572008622004.html
http://online.wsj.com/article/SB10001424052748703625304575116512173339800.html
http://online.wsj.com/article/SB10001424052748703580904575132111888664060.html?KEYWORDS=electronic+health+records
This is not meant to be a representative sample. Just a reminder that you and I may or may not be speaking the same language as the general public, which counts among its numbers many high-ranking decision makers. So, what else is new?
Wednesday, January 6, 2010
Security Problems on Flash Drives
Kingston, known as one of the giants in portable memory, has recently confirmed a security problem with some of their DataTraveler series. The problem centers on the fact that even if encryption is used, it is possible to gain access to the data on the device.
In a statement, a company spokesperson said that someone with physical access to the flash drive could access the encrypted data, given the will to do so and the skill needed. The spokesperson went on to mention that the encryption used is sound, only that “there is a small loophole regarding the processing of the password.”
While the data on the drive is indeed encrypted using 256-bit AES encryption, there’s a huge failure in the authentication program. When the user supplies the correct password, the authentication program always sends the same character string to the drive to decrypt the data, no matter what password was used. This character string is the same not only for Kingston USB flash drives but for those of SanDisk and Verbatim as well.
Cracking the drives is therefore quite an easy process. The folks at the security firm SySS wrote an application that always sent the appropriate string to the drive, irrespective of the password entered, and therefore gained immediate access to all the data on the drive.
These drives are sold as meeting security standards that make them suitable for use with sensitive (unclassified) US Government data, and they carry a FIPS 140-2 Level 2 certificate issued by the US National Institute of Standards and Technology (NIST). Meanwhile, companies like CapMed (Newtown, Pa.), to name one, are putting personal health records on USB drives.
If you're using one of these USB sticks from Kingston, SanDisk or Verbatim, you may want to get in touch with them.
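The design flaw described above, modelled as an added example that is not code from the post or from any of the vendors named: a toy "drive" whose host software checks the password and then sends one constant unlock string to the device, beside a hardened version in which the decryption key is derived from the password itself. The cipher is a stand-in keystream built from SHA-256 (the real drives use AES-256); the unlock token, password and patient record are constructed sample values.

```python
import hashlib
import hmac
import os
from typing import Optional

# Toy keystream cipher standing in for the drives' AES-256 (illustration only);
# the unlock architecture, not the cipher, is the point of this example.
def keystream_xor(key: bytes, data: bytes) -> bytes:
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

# Constructed placeholder for the constant string the host tool sends on success.
FIXED_UNLOCK_TOKEN = b"constructed-constant-unlock-string"

class FlawedDrive:
    """Password checked in host software; the device only ever sees a constant."""
    def __init__(self, password: bytes, plaintext: bytes) -> None:
        self._pw_hash = hashlib.sha256(password).digest()        # host-side check
        self._key = hashlib.sha256(FIXED_UNLOCK_TOKEN).digest()  # key tied to the constant
        self.ciphertext = keystream_xor(self._key, plaintext)

    def host_unlock(self, password: bytes) -> Optional[bytes]:
        if hashlib.sha256(password).digest() != self._pw_hash:
            return None
        return self.device_unlock(FIXED_UNLOCK_TOKEN)            # same string every time

    def device_unlock(self, token: bytes) -> Optional[bytes]:
        # The device cannot distinguish the vendor tool from any program replaying the constant.
        return keystream_xor(self._key, self.ciphertext) if token == FIXED_UNLOCK_TOKEN else None

class HardenedDrive:
    """Key derived from the password on the device; without the password there is no key."""
    def __init__(self, password: bytes, plaintext: bytes) -> None:
        self.salt = os.urandom(16)
        key = self._derive(password)
        self.ciphertext = keystream_xor(key, plaintext)
        # Key-confirmation tag so a wrong password fails cleanly instead of yielding garbage.
        self.check = hmac.new(key, b"key-check", hashlib.sha256).digest()

    def _derive(self, password: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password, self.salt, 200_000)

    def unlock(self, password: bytes) -> Optional[bytes]:
        key = self._derive(password)
        tag = hmac.new(key, b"key-check", hashlib.sha256).digest()
        return keystream_xor(key, self.ciphertext) if hmac.compare_digest(tag, self.check) else None
```

In the flawed model the host-side check is decorative: anything that can talk to the device and send the constant gets the data, which is why no firmware patch to the cipher helps. In the hardened model a wrong password yields the wrong key and the unlock simply fails.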
Labels: aes, EHR, encryption, FIPS 140-2, flash drive, nist, security, USB
Tuesday, December 1, 2009
Costs and Benefits of a Unique Patient Identifier for The U.S. Health Care System
In the healthcare industry, misidentification errors are not restricted to diagnostics and therapeutics but also may affect documentation. So, my earlier posts on semantics, ontologies, interoperability and the like notwithstanding, all is for naught when a given document doesn't provide information about a given patient. A chain is only as strong as its weakest link and patient identification is usually the first link in the healthcare chain.
Complicating the issue, not everybody can participate to the same degree or in the same way in the process of identifying a patient uniquely. Neonatal and senile patients are two groups where health providers and technology are on their own, when it comes to identifying the patient. Naturally, readers of this post fall into neither of these groups.
See, for example, Patient Misidentification in the Neonatal Intensive Care Unit: Quantification of Risk at
http://pediatrics.aappublications.org/cgi/reprint/117/1/e43.pdf
which provides a rather thorough study of errors in the first of these groups, neonates.
The information that is used routinely for patient identification is frequently similar but often not recognizably unique.
In my November 20, 2009 post, Biometric and Other Identification Technologies, I discuss some leading technologies.
Although widely touted as “great” in security circles, all biometric devices (e.g., fingerprint, palm outline, iris, retina) used for unique identification produce both false positives and false negatives.

For example, an episode of Fox's "24" last season showed a White House visitor placing her thumb on a fingerprint scanner, a type of screening that is not typically used at the White House.
Fingerprint: false positives or negatives with scars, calluses, cracks in the skin, dirt, household cleaners and other variables.

Retina scan: susceptible to diseases such as glaucoma.

At the same time, non-biometric technologies have their own sources of error.

For a widely discussed examination of the costs and benefits of a unique patient identifier for the U.S. health care system, see
http://www.rand.org/pubs/monographs/2008/RAND_MG753.pdf
This recent study says using unique patient identification numbers for U.S. citizens would reduce medical errors, make electronic health records simpler and protect privacy.
The study says that despite a potential cost of $11 billion to create unique patient ID numbers, the effort "would likely return even more in benefits to the nation's health care system."
Most health care systems use statistical matching to find EHRs, according to the study by RAND Health, a research division of the RAND Corp. Statistical matching looks for demographic information, including names, birth dates and all or part of Social Security numbers.
See my November 17, 2009 post, Unique Patient Identification Numbers, Electronic Health Records (EHR), Electronic Medical Records (EMR), and Social Security Numbers (SSN).
RAND researchers, who reviewed past studies, said that method causes errors or incomplete results about 8% of the time and leaves patients more exposed to privacy breaches.
"Assuming every health care system would have these [ID] numbers, then you'd be more likely to pick up all of the person's information," said Richard Hillestad, PhD, the study's lead author. "It would certainly make a lot of things easier."
Using demographic information to locate EHRs causes errors or incomplete results about 8% of the time.
But critics expressed concerns.
"It's an absolutely terrible idea," said Deborah Peel, MD, a psychiatrist and chair of the Patient Privacy Rights Foundation, a watchdog group based in Austin, Texas. "Any database that has these numbers is bound to be a treasure trove for identity thieves."
The study was funded by a group of health information technology and IT companies, but Hillestad said that didn't influence the outcome. Dr. Peel is skeptical. "The combination [of data] is really deadly," she said. "That's why I say this is a data miner's dream."
The American Medical Association advocates prohibiting the sale and exchange of personally identifiable health information for commercial purposes without a patient's consent. The AMA also advocated in 1999 in favor of legislative action to repeal the portion of the Health Insurance Portability and Accountability Act of 1996 that mandated use of a unique patient identifier.
Hillestad said privacy is a big issue, but touted the ID numbers as a security boost.
"You're not sending all of the name and demographic information through the line to get connected," he said. "[Privacy] would depend on how much you protect the numbers."