Study Finds Data Security Still Lags


Data security is not rocket science, but it's one of those things that takes detailed focus to get the right technology, policy and procedures in place. And it seems that the stories about lost laptops with tens or hundreds of thousands of patient records are not just some fluke or exceptional occurrence.

Sadly, this report notes that the share of organizations still ignoring HIPAA security requirements has risen from 38% in 2005 to 40% in 2006. There is some good news in the report: enterprise focus has shifted from throwing technology at the problem to actually implementing policies and procedures to improve security – you know, like, “if you're going to take that laptop home, be sure to encrypt the data first.”

You know your information security strategy is working when the
number of successful breaches is low, the amount in financial losses is
negligible and network downtime is kept to a minimum. Unfortunately, a
large percentage of security leaders worldwide have no idea if their
security plans are working because they don't know any of these numbers.

From 2003 to 2005, the percentage of survey respondents saying they
had fewer than 10 negative information security incidents in the past
year remained steady. But this year, we included the option to answer
that you do not know how many negative security incidents occurred.
This year, nearly one-third of respondents admitted that they do not
know how many breaches or unauthorized access events occurred within
their organizations.

To a certain extent, that's understandable. Attacks can be hard to
identify, and networks can be extensive. What's less comprehensible is
that a significant portion of respondents said they have not installed
some of the most rudimentary network safeguards. Only one-third of
respondents have put in place patch management tools or monitor user
activity. Less than half use intrusion detection software or monitor
log files (the two best methods organizations can employ to detect
breaches) and even fewer use intrusion prevention tools. Surprisingly,
more than 20 percent of respondents don't even have a network firewall.

There's lots of good marketing data in the story, and good benchmarking across Finance, Healthcare, Government and Education markets.


Patient Death in ED Waiting Room Ruled Homicide

A patient in the Vista Medical Center (Lake County, IL) emergency department waiting room died of a heart attack while waiting to be seen. The patient reportedly presented with shortness of breath and chest pain, was briefly triaged, and expired some time during a subsequent 2 hour wait to be seen by physicians.

In a startling decision, a coroner's jury investigating the case ruled
that her death was a homicide, which opens the door for criminal
prosecution.

“The definition of homicide that I give to the jury is either a willful
and wanton act or recklessness on the part of someone, whether that's
by their actions or by their inactions,” [Dr. Richard] Keller [coroner of Lake County, Ill.] said. “Certainly, by
that definition, this is a homicide.”

The hospital is not commenting on the ruling.

Coroner's juries have gone by the wayside in most U.S. jurisdictions, but they're still used in Illinois and Canada. Coroner's juries are supposed to determine the manner of death (the coroner typically rules on natural causes). The manner of death is a judgment on what brought about the cause of death. Cause of death is predetermined by the coroner's autopsy and is presented to the jury. The possible manners of death include:

  • Natural Causes
  • Accidental Death: A death resulting from an accident or injury not
    intentionally caused by the deceased or by another.
  • Suicidal Death: A death resulting from the intent by the deceased to
    terminate his own life by any means.
  • Homicidal Death: A death that results from an accident or injury when:
    1. The injury was intentionally caused by another person to the
      deceased or,
    2. A person acts in such a willful and wanton (reckless) disregard for
      life that his/her actions are likely to cause death. (Manslaughter;
      Reckless Homicide). Reckless Homicide often includes the driving of a
      vehicle that causes a fatality while under the influence of alcohol or drugs.
  • Undetermined Death: If evidence as to the manner of death is unclear,
    or jurors cannot unanimously agree on a verdict.

(You can read about one person's experience on a coroner's jury here.)

Dr. Leigh Vinocur of the American College of Emergency Room Physicians is quoted, and the story is spun as an example of emergency department capacity problems nation-wide. If this was a symptom of ED overcrowding, we would hear about similar situations – thankfully we don't. This sounds like a tragic mistake, possibly exacerbated by overcrowding.


HIMSS 2007 Medical Device Connectathon – An Impending Flop?


The IHE PCD (that's the Integrated Health Enterprise, Patient Care Device) working group has extended the deadline for vendors to sign up to participate in the medical device Connectathon at the next HIMSS meeting. So far, there are four (4) vendors who have committed to sending data and two (2) committed to receiving data.

This is awfully disappointing. I could understand if vendors had to support 1073 to participate in the Connectathon – I mean who really supports 1073? But this first Connectathon is based on HL7, and there are lots of vendors with an HL7 data export server in their stables.

Come to think of it, there are more than 6 vendors on the IHE PCD working group! Hopefully more vendors will agree to participate now that the deadline has been pushed back to September 25th. If you'd like to participate and just don't have the bandwidth, let me know, maybe I can help out.

If anyone else has any thoughts about this abysmal turnout, feel free to share them in the comments below.


Pingbuzz Blog & First Responder RTLS

I came across the Pingbuzz weblog while doing some research. The site offers an interesting amalgam of posts on wireless mobile devices for health care, fitness and wellness applications. Check 'em out.

A recent post on Pingbuzz that caught my eye – a somewhat questionable patent application for a combo patient-worn monitor and RFID (press release).

QuadTech International, Inc., an asset monitoring technology solutions company,
announced today that its wholly owned subsidiary MRID Technologies has
filed a U.S. patent application for the company's iMPak on-location human
asset monitoring technology. Short for “intelligent mobile pack,” iMPak is
a wireless, two-way, data/voice communication system embedded in a 5″ X 5″
X 5/8″ package that allows the device to transmit location, vital sign and
other critical data immediately and effortlessly to a central control room
or handheld device.

My comment regarding the “questionable” patent app refers to the obviousness of the overall solution. The company is targeting the emergency responder market segment.

“iMPak will be ideal for individuals in high-risk occupations and can be a
life-saving tool in emergency situations,” said QuadTech CEO John Meier.
“iMPak fits easily into a work vest or uniform, and is capable of reading
the wearer's heart rate, respiratory rate, body temperature, and even his
or her state of consciousness, as well as location — all without any
attachments to the body.”

The system uses ultra wide band technology.


Hoana PSA Technology Update

Hoana-display

MedGadget has an update on Hoana's Passive Sensor Array technology, which measures heart rate and respiration without any patient-connected sensors. Hoana has updated their website considerably since my last post about them (it seems there have been some management changes as well).

Field-testing of the initial prototype demonstrated accurate, safe,
reliable and convenient measurements of heart and respiration rates,
(as compared to conventional measurement methods) including tests under
severe conditions, such as the high noise and vibration environment of
US Army Medevac helicopters.

Hoana has targeted med/surg units with the goal of reducing “failure to rescue” situations and the resulting adverse and sentinel events. Working their technology into emergency response is intriguing.

You can check out my previous posts here (funding Series C round) and here (getting their 510k). Pictured right is a snazzy new shot of the Hoana bedside display.
