MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice

You are here: Home / Health Technology / Electronic Medical Records (EMR) / Exploiting privacy breaches: The info-security cold war

Exploiting privacy breaches: The info-security cold war

By Leave a Comment

By John D. Halamka, MD

Dr. John Halamka

I’ve described information security as a Cold War, requiring constant investment and vigilance to innovate faster than the hackers and criminals who are stealing data to commit identity theft.

I’m spending an increasing percent of my resources on regulatory compliance and data protection.

Over the past year, Federal and State governments have

1. Specified standards to protect health care data during transport
2. Required encryption of data at rest.

3.  Required breach notification to patients and prominent media 
4. Created policy to define meaningful consent and other important patient privacy rights
5. Launched a new initiative on data segmentation in an effort to support more granular health care privacy preferences

CIOs and Chief Information Security Officers are working as hard as they can, hackers are intensifying their attacks, and the world is accelerating its adoption of mobile technologies that make perfect control of data more challenging. Despite all our efforts, breaches will occur. Even the most sophisticated security companies have been breached by increasingly sophisticated malware.

There’s a dark side to all of this that is the subject of today’s blog post – using the new privacy breach reporting laws for personal gain.

There are many good attorneys. My parents are attorneys (patent and business law). Some of my favorite colleagues are attorneys working hard in the public interest (Deven McGraw at CDT, Jodi Daniel  at ONC).

As with any profession there are those attorneys who use the law for personal gain. Here’s a list of privacy breach class action suits, comparing payments to attorneys versus their clients. 

There are many good investors. Accelerating new technology by providing funding to those who can build high value businesses is a good thing. As with any profession, there are investors who put profits ahead of societal benefits.

I’ve heard discussion about an alarming new business model. Investors paying attorneys to file class action suits related to privacy breaches in return for a portion of the profits.

Privacy Breach reporting is now public. Identifying a class is easy.

However, if the risk of harm from the privacy breach is low, attorneys may not want to bear the expense and burden of filing a suit, given that recoveries might be minimal. If investors underwrite the risk, realizing that most health care organizations will want to settle rather than spend time and resources on litigation, we’ll likely see a lawsuit following every reported privacy breach.

To me, there are different kinds of privacy breaches – those which are caused by true carelessness and those which occur because of sophisticated attacks that the Pentagon could not even repel. We should hold organizations accountable for implementing best security practices to protect privacy. We should report breaches to patients and prominent media, since breach reporting regulations provide a great incentive to invest in appropriate security. However, we should do this in an effort to enhance the society we live in, not generate profits.

As we all work together on electronic health records and health care information exchange, let’s try to create regulations that do that right thing

1. Protect the data
2. Respect patient privacy preferences
3. Recognize the difference between hard to prevent breaches and those that occur because basic protections were not in place

Investing in class action suits that asymmetrically benefit the finance and legal professions is not something that benefits society. 

As the eternal optimist, I’m convinced we can all work together for the common good and make every day better than the last. If you hear about someone using privacy breach reporting for their own personal gain, shout out that it’s the wrong thing to do.

In addition to his CIO role at BIDMC, Dr. Halamka blogs at GeekDoctor.blogspot.com.

In case you missed it

RSS From Medical Design & Outsourcing

  • New 510(k) boosts iRhythm, Verily efforts for AFib screening
    The latest 510(k) clearance for the Verily Study Watch will further the efforts of the Google sister company and iRhythm Technologies (NSDQ:IRTC)  to improve atrial fibrillation treatment. Verily — a life science company under Alphabet (NSDQ:GOOGL) — recently received an FDA 510(k) clearance to include an irregular pulse monitor in its Study Watch wearable. “We’ve worked carefully to meet the FDA’s stringent… […]
  • Argon Medical debuts IVC filter retrieval kits
    Argon Medical Devices (Frisco, Texas) said this week that it has launched single-loop and triple-loop retrieval kits for percutaneous removal of inferior vena cava (IVC) filters that are no longer medically required. The kits are indicated for use via a jugular approach and offer the following features: A coil-reinforced outer sheath with the strength needed… […]
  • NANS 2020: Neuromodulation news you need to know
    Neuromodulation devices from companies including Medtronic (NYSE:MDT), Abbott (NYSE:ABT) and SPR Therapeutics are showing promise treating pain. That’s one of the initial takeaways from study results that medical device companies in the neuromodulation space are touting this weekend at NANS 2020 in Las Vegas. NANS is a joint conference of Congress of Neurological Surgeons and the North American Neuromodulation… […]
  • Injection Molding Principles
    Optimizing custom part designs for injection molding requires a thorough understanding of the process and outcomes. In this e-book, you’ll learn about common molding resins, special molding terms you should know, and most importantly, how to optimize your part with undercuts, even walls, drafts, and more. Download this e-book from Xometry to learn more… The […]
  • GW Plastics expands Vermont manufacturing and tech center
    GW Plastics announced that it has completed a $10 million expansion of its Royalton, Vt., manufacturing and technology center. The company said it has added a 30,000 ft2 to the building to accommodate the growth of its thermoplastic injection molding and medical device contract assembly business. The expansion includes a new 13,000 ft2, Class 8… […]
  • Certain GE Healthcare patient-monitoring devices vulnerable to cyberattack
    The federal government and GE Healthcare (NYSE:GE) announced today that the certain of the company’s patient monitoring devices are vulnerable to cyberattack. If attacked, some versions of the Carescape and ApexPro telemetry servers, the Carescape Central Station version 1 and Central Information Center systems could stop monitoring patients, silence alarms or produce unnecessary alarms during… […]
  • Cardinal Health recalls 9 million surgical gowns, sends hospitals scrambling
    Cardinal Health (NYSE:CAH) announced that it is voluntarily recalling 9.1 million surgical gowns produced by an unnamed contract manufacturer after discovering quality issues with the product. The Dublin, Ohio-based company said that some gowns were produced in unapproved locations that did not maintain proper environmental conditions as required by law. Some of the gowns were also… […]
  • KNF launches compact swing piston pump
    KNF Neuberger is touting its NPK 06 swing piston micro gas pumps, designed to deliver high-flow and high-pressure performance in a compact size. The new pumps work well for medical diagnostics, therapy, monitoring, and general compression applications, according to the Trenton, N.J.-based company. NPK 06 measures 1.85” (47mm) wide and can produce free flow up… […]
  • Heraeus Medical Components and Myant partner on electrical sensing for textiles
    Heraeus Medical Components (St. Paul, Minn.) and Toronto-based Myant have entered a partnership enabling Myant to use Heraeus’ Tectitoat for electrical sensing applications in textiles, the companies announced today. Tecticoat is a conductive polymer-based coating that can be applied to textiles to control electrical conductivity, electromagnetic shielding and electrostatic dissipation, making it suitable for integration… […]
  • Cook Medical’s peripheral artery set debuts in U.S.
    Cook Medical recently announced the U.S. launch of its TriForce peripheral crossing set to support vascular obstruction procedures. The TriForce set is designed to be percutaneously introduced into blood vessels to support a wire guide while performing a peripheral intervention, according to the Bloomington, Ind.-based company. This device is also intended for injection of radiopaque… […]
  • Bayer and Exscientia partner to bring AI to drug discovery
    Bayer (ETR:BAYN) announced that it is entering into a collaboration agreement with artificial intelligence drug discovery company Exscientia to identify and optimize novel lead structures for potential drug candidates in treating cardiovascular and oncological diseases. The agreement, announced earlier this month, is slated to see the companies work together on early research projects combining Exscientia’s proprietary… […]

Leave a Reply

MASSDEVICE MEDICAL NETWORK

DeviceTalks
Drug Delivery Business News
Medical Design & Outsourcing
Medical Tubing + Extrusion

MASSDEVICE

Subscribe to MassDevice
Advertise with us
About
Contact us
Add us on FacebookMassDevice Network
Follow us on Twitter@MassDevice
Connect with us on LinkedInLinkedIn
Follow us on YouTube YouTube