8 Recommendations to Ensure Safe Use of Electronic Health Records

According to a post on MedScape.com, the Journal of the American Medical Association recently published a list of 8 recommendations to ensure the safe use of electronic health records.

“Dr. Sittig and Dr. Singh advocate 8 essential recommendations, based on a systems engineering model for patient safety, to realize the full potential of EHRs. Ideally, an EHR system should lead to lower costs, less duplication, and greater quality. Their specific recommendations are as follows:

1. The proper hardware and software must be in place and readily available to the clinician and healthcare organization before the EHR system is implemented. Disruption or slowing of clinician work flow by hardware or software problems could put patient safety at risk. The Veterans Information Systems and Technology Architecture and other free EHR software programs are available. However, safe and effective use of an EHR system mandates attention to all of the other 7 essentials in the framework.
2. For effective information sharing, content must be reported using standardized vocabulary to describe clinical findings, as requested by the federal government as a prerequisite to implementing advanced clinical decision support.
3. The user interface should allow easy access to and entering of clinical information, presenting all pertinent data in a manner that facilitates rapid recognition of and response to clinical problems.
4. Appropriate, qualified personnel, including trained and knowledgeable software designers, developers, trainers, and implementation and maintenance staff, must be hired by healthcare organizations to ensure safe implementation of EHR systems. The requisite knowledge and skills for many of these positions have been identified by the American Medical Informatics Association, and the School of Health Information Sciences at Houston now offers educational programs and degrees relevant to these positions.
5. Work flow and communication should be ensured by thoroughly testing the EHR system before implementation within the clinic or hospital where it will be used, allowing any problems to be addressed and corrected before the system is in place.
6. Needed organizational characteristics include an ongoing surveillance system to report errors and identify obstacles to appropriate care, thereby facilitating innovation, exploration, and continual improvement. The authors cite the VA EHR system as a model of many of these organizational features.
7. To protect patient safety and privacy, state and federal rules and regulations must be followed.
8. Even after initial implementation and use, ongoing monitoring and oversight are vitally important to the success of the switch from paper-based patient records to electronic records.”

URLs On Twitter Leading to Malware

According to a recent article on Wired.com titled “Trick or Tweet? Malware Abundant in Twitter URLs,” one in every 500 URLs posted on Twitter lead to malware.  This might not seem like a lot at first glance but just imagine for a second the number of users on Twitter and the number of tweets containing URLs. In essence, we’re talking about a large number of instances.  What makes it so easy is the fact that URLs are shortened, thus failing to reveal where the users are heading when they click on the link.  Researchers at Kaspersky Labs developed a tool to examine URLs and found anywhere from 100 to 1,000 URLs leading to malware per day, the most popular of which “is the Trojan-Clicker.HRML.IFrame.ob, which accounts for about 31 percent of the malware found.” Luckily, with the help of Google, Twitter developed a system to check for malware back in August.  Unfortunately, it only filters those URLs that are shortened using bit.ly (the most popular URL shortener).

CLICK HERE to read the full story and see a graph displaying the various malware they’ve found thus far.

Students Explain Information Assurance

The following video provides a great general overview of information assurance and all the potential security risks/threats that we face:

Stolen Laptop Resulting In Data Breach Alert

The American Medical Association sent out a data breach alert today regarding a data set containing private information of physicians and health care professionals. This data, including Social Security numbers, is for employer groups to compare Blue Cross and Blue Shield (BCBS) to other health plans.  As a result, the BCBS Association is taking precautionary steps to protect their physicians.  The data was stored on a laptop that was stolen from a car. However, it was just one of many items stolen from cars all parked in the same area.  Therefore, there is reason to believe that the data will not be used for identity theft purposes.  Regardless, the BCBS Association is offering its providers credit monitoring services.

CLICK HERE to read the full alert.

Delta Airlines Being Sued For Email Hacking

Delta Airlines is being sued by Kathleen Hanni, executive director of Flyersrights.org,  for allegedly hacking into her emails and files.  Hanni is a passenger rights advocate who is in support of the “Airline Passenger’s Bill of Rights of 2009.”  Her organization had been investigating surface delays in travel and working to pass legislation that would allow passengers access to food, water and toilets during long delays on the tarmac.

After lengthy correspondence between Hanni and Frederick J. Foreman, who worked for Metron Aviation, AOL notified Hanni that her emails were being redirected to an unknown location.  Foreman had been studying surface delays and specifically fingered Delta as one of the airlines that were experiencing excessive surface delays.

Social Media Aids Cybercriminals

Perhaps you thought the one place you could safely share information about yourself was through your social networks.  After all, you keep your network limited to only people you know and have made your account private.  However, many are still finding themselves as targets of cybercriminals looking to gain valuable information that they can then use to their benefit.  For example, some people use their birth date as their password on other accounts.  If a criminal were to access your social network and see your birth date, they could potentially gain access to more sensitive and important online accounts.

Another popular method cybercriminals have been using is posting on peoples Twitter accounts or Facebook profiles disguised as their friend.  The post will include a link that, when clicked on, sends the user to a supposed third-party application that allows the criminal to collect information about the victim and then send malicious software to their friends.  So the next time you want to post personal information to the public, think twice.

CLICK HERE to learn more about the potential dangers of social networks.

Microsoft Files Suit Against Unknown Cybercriminals

Microsoft has issued a warning to cyber criminals by filing a suit in Washington state Superior Court in response to determine who is responsible for the malicious advertisements targeted towards Windows PC users.  The filed suit was against unknown individuals behind five companies, but Microsoft intends to utilize the judicial discovery process to track them down through ISPs.  The attacks damaged Microsoft’s computer systems.  As a result, this is an important endeavor for the company which runs a large business selling and displaying online advertisements.  CLICK HERE for the full story.

OpenID Makes Accessing Government Sites a Cinch

The government has decided to provide citizens easy access to their websites.  The pilot program, allows people to access government websites using OpenID or an Information Card, two popular emerging technologies.  In order to make it easier to login, people can simply use their Google accounts or the URL of their Yahoo profile.  OpenID allow you to maintain control of how much information you want to share in your profile and also acts as a “skeleton key” which gives you access to all government sites, eliminating the need to sign up and provide your information each time.  CLICK HERE to learn more about the program.

NYTimes.com Gets Hit With a Virus

NYTimes.com was recently hit with a malicious virus that targeted its ads.  Visitors to the site had their screens filled with what seemed to be a virus scan, but was in fact, just a scam.  This approach has become quite popular with cyber criminals as a way to make a quick buck.  Other sites, such as FoxNews.com and the San Francisco Chronicle have also reported similar incidents happening to them.  The rapid pace in which multimedia ads are developing makes it difficult to consider and warn people of the security risks involved with them.  One of the primary issues, when it comes to ads, is that they are usually sold and distributed through middlemen. In other words, a company can have an ad suddenly appear on their site without ever screening and approving it. CLICK HERE to read more about the incident.

Corporations Are Combating the Wrong Cyber Threats

With all the potential cyber threats out there, you can’t really blame corporations for focusing on the wrong ones. However, one must always attempt to be proactive, which includes research and an understanding of where to place ones efforts the most.  A new biannual report from the SANS Insitute, revealed that many corporations are doing the former. Rather than focus on more serious risks, corporations are still investing their time in Windows operating systems.  Other than the Conficker worm, however, Microsoft has done a pretty decent job of improving their security. In fact, desktop programs such as Adobe’s Flash Player, Apple’s QuickTime and Java applications account for 10% of attack volume, according to the NY Times Bits Blog.  To read the full post, CLICK HERE.