MBA 673 Coastal Carolina University Health and Medical Information Discussion

1. Read about the Ransomware attacks on hospitals and then watch the YouTube video at the link below from CBS news discussing details of the “Ryuk” ransomware. After watching the video, discuss the ways that hospital efforts to comply with regulations like HIPAA and HITECH have made them more susceptible to ransomware attacks. (6 pts).

2. How do you feel about the creation of the Coronavirus database as discussed in the WSJ this week.  Do you feel that the healthcare industry has an obligation to create such data resources.  How would HIPAA and HITECH impact such a database and what privacy issues from the privacy and human behavior article to do you see cropping up around this project?.  (7 pts)

Companies Seek to Pool Medical Records to Create Coronavirus Patient Registry

Database would make medical histories for U.S. Covid-19 patients available to government and academic researchers 

ByPatience HagginUpdated April 8, 2020 7:12 pm ET

Several health-care and software companies are seeking to create a registry of Covid-19 patients by pooling medical records from across the country, aiming to study how the disease is spreading, which population groups are most vulnerable and how effective proposed treatments are, people familiar with the matter said.

San Francisco-based Datavant Inc., which specializes in compiling medical data from a variety of sources, began spearheading one such effort in late March, one of the people said. Health-care technology companies Allscripts Healthcare Solutions Inc. MDRX -2.42% and Change HealthcareInc. CHNG -4.08% said they have committed to donate data for the effort. Health insurance provider Anthem Inc. ANTM 5.57% has been contacted about contributing medical claims data, an Anthem spokeswoman said.

The initiative is one of several sources of data the federal government is considering to monitor the spread of coronavirus in the U.S., another person familiar with the matter said.

Datavant’s proposed registry would be free for government and academic researchers to access, and would aim to include every patient who has been tested for Covid-19, the disease caused by the new coronavirus.

The registry wouldn’t include patient names or other identifying details, but would include detailed information about their past and current conditions and medications, drawing on data that originates from hospitals, pharmacies and health-insurance companies. The consortium is aiming to have data covering 80% of U.S. medical claims, including those submitted to private insurers as well as Medicaid and Medicare Advantage.

Researchers or government officials could use the data to investigate an array of questions about the illness, such as the effectiveness of hydroxychloroquine and antivirals as potential treatment. President Trump has suggested the use of hydroxychloroquine as a treatment or preventive measure, though some public-health experts have advised against it until studies are conducted. 

The data could also yield insights on which demographic groups tend to get the most extreme cases and require ventilator support, and which are resistant to infection, one of the people familiar with the matter said. Researchers also could use the data to understand infection rates among health-care workers and the effects of local policies such as social-distancing and stay-at-home orders.

Datavant is in touch with at least one federal agency, the Food and Drug Administration, about its initiative, the person said.

“The FDA recognizes the potential for many different real-world data sources to complement traditional clinical studies and speed the process of evaluating the impact of potential Covid-19 therapies,” an FDA spokesman said in a statement. “To that end, the agency is advancing relationships with partners in the public and private sectors to rapidly collect and analyze information in areas such as illness patterns and treatment outcomes.”

Change Healthcare’s president of network solutions, Kris Joshi, said in a statement, “We are facing an unprecedented health-care crisis, and data is a critical element in discovering how Covid-19 is progressing, what kind of interventions are effective and ultimately how we can remediate the situation.”

The Anthem spokeswoman said the company hasn’t committed to participating in the initiative. “Anthem takes the security of its data and the personal information of health plan members very seriously,” she said in a statement.

Merging several big data sources to create a single record for each patient will be a challenge. Datavant’s software could help accomplish that. To protect privacy, patients’ identifying details such as names and social security numbers will be “transformed through an irreversible process” into encrypted keys. Researchers will receive patient records tied to an anonymous patient ID.

The company hopes to attract additional data providers, including life-insurance providers and consumer DNA-testing companies, after the effort’s initial launch, one of the people familiar with the matter said.

Consumer DNA-testing company 23andMe Inc. is already providing data to scientists who are racing to determine whether gene variations make some people more susceptible to serious Covid-19 infection.

Cloud-based data-management company Snowflake Inc. said it is in discussions to host the database free of charge.

In addition to patients who were tested for Covid-19, the Datavant-led database might also include patients with common symptoms for the disease. It would indicate the institution where a patient was treated to help researchers study the effects of conditions at overcrowded hospitals

3.Discuss what HIPAA is meant to do around Health information.  Next, discuss how HITECH is meant to supplement and help accomplish the goals of HIPAA.  Finally, examine the authors conclusions in “How to Avoid a HIPAA Horror Story” and comment on whether or not you think HIPAAA and HITECH legislation places an appropriate or rather excessive regulatory burden on healthcare organizations today.

Don’t Tell Apps your Secrets

Can you stop your phone from leaking personal data about you? 

Increasingly, the answer appears to be no.  A recent wave of corporate-data leaks and scandals related to sharing of personal information has led to lawsuits, fines and regulatory probes in the U.S. and Europe. Yet many cellphones and mobile apps continue to gather user data, such as people’s locations and shopping preferences, in order to share the information with other companies, including advertisers.

We asked several privacy-conscious and technologically savvy people what they do to protect their personal information while using smartphones. And the responses weren’t encouraging: They mostly agreed that smartphone users are at the mercy of phone manufacturers and app developers’ data practices.

Georgia Weidman, founder and chief technology officer of Shevirah Inc., a cybersecurity company focused on mobile devices, says she doesn’t keep photos on her phones that she wouldn’t want to end up on the internet, in case a hacker accesses her phone or an app accesses the data. When even new devices can have hundreds of apps on them, Ms. Weidman says, it’s also possible she may “make a misstep somewhere.”

Other rules she sets for herself: She has different phones for work and personal use, which helps to keep different kinds of data separate. She limits to her personal device use of apps such as social-media platforms that she thinks may “spy” on her data, and she doesn’t keep sensitive information about corporate clients on any of her phones.

“It’s nice that Facebook and WhatsApp know what you like, but you give up a lot of privacy. It’s hardly worth it,” says Ms. Weidman, who explains that she uses these platforms in combination with an app that blocks ad tracking.

Christopher Weatherhead, technology lead at nonprofit Privacy International, recommends using encrypted-messaging apps, such as Facebook Inc. FB -1.64% ’s WhatsApp or Signal, instead of traditional text messages. While some apps “are more secure and have better privacy policies than something like WhatsApp,” he says, “WhatsApp is night and day superior for personal privacy and security” compared with plain text messaging.

Not everyone will go to the lengths that privacy experts do to protect their communications. But they agree there are some precautions anyone can take to guard their privacy. Here are some other steps they recommend to limit the amount of personal data that your phone collects and shares about you:

Don’t let apps access information they don’t need

When you download mobile apps, they may ask permission to track your location and other data. In some cases, apps need that information to do what they promise, like recommend restaurants nearby. But some may ask to access phone features even though they don’t require that information. They may share data with other companies that users may not be aware of. Many popular smartphone apps share users’ locations, health details and other data with social-media companies, a Wall Street Journal investigation revealed. Other apps share personal data with advertisers.

“If it’s an app that lets you play cards, it probably doesn’t need access to the inner workings of your phone, your contact list, the internet and your GPS,” Ms. Weidman says. She recommends watching what apps you’re granting access to your camera, microphone, contacts list, location data and other information.

Phone settings list options to shut off apps’ access to location and other information. Ms. Weidman recommends people review those permissions and refuse to download apps that request access to anything they don’t need.

Apps may even continue to collect data after a person stops using them. To cut down on the amount of data a phone shares, people can delete apps they no longer use, says Mr. Weatherhead.

Research new apps before downloading them

Consumers might want to search the name of an app online before downloading it, because the developer’s data practices may already be well known, says Maureen Ohlhausen, a partner at law firm Baker Botts LLP and a former chairman of the Federal Trade Commission.

A quick internet search may turn up consumer complaints, lawsuits and regulatory investigations into an app’s potential privacy violations. Privacy concerns surfaced quickly this summer as more users downloaded FaceApp, which lets people upload photos of faces and change them to look older or younger.

Don’t let advertisers track your browsing

Ms. Weidman says she uses mobile browser plug-ins to stop advertisers from tracking her web activity and from presenting her with targeted ads on social media. Plug-ins to block ad tracking are available in app stores. In addition, she uses private sessions on web browsers to prevent them from keeping a history of her searches. Depending on the browser, private sessions are often described as “incognito” or “private” windows in the toolbar.

Change the data your phone shares with advertisers

One way to limit the personal data that smartphones collect and send to advertising companies is for users to regularly reset or turn off their advertising IDs, which identify mobile-phone users, in their phones’ settings menu. If a phone user changes their advertising ID, ad profilers cannot connect data they collected before and after it was reset with the same person, This reduces the amount of detailed personal information that advertisers see from that device, Mr. Weatherhead says.

While it might seem harmless if advertising companies obtain personal information about mobile-phone users, many people may not realize that advertisers might share that data with insurance companies and other business partners, Mr. Weatherhead says.

Update software on your phone

Data leaks and cyberattacks are less likely if people use up-to-date software. Often, hackers will siphon data off devices by exploiting a problem in an app or a phone’s operating system even after companies release a new, fixed version that a victim hasn’t downloaded.

“Lots of criminal attacks go in through vulnerabilities that are fixed and that you haven’t bothered patching,” says cybersecurity expert Bruce Schneier, an adjunct lecturer at Harvard’s Kennedy School of Government and a fellow at the Berkman Klein Center for Internet and Society.

Watch for phone scams

Cellphones are becoming a more attractive target for hackers. Scammers send texts with links containing malware that could compromise personal data, Ms. Weidman says.

Hackers also call cellphones and use ploys to trick people. Don’t react immediately to suspicious texts and phone calls that claim to be fraud alerts, says Ms. Ohlhausen. For instance, she says she recently received a phone call saying there was an alert related to activity on one of her financial apps; she asked to call the company back after checking it out herself.

“They try to throw you off and get you to react immediately,” she says. “Just be skeptical, take a breath.”

Dangers on the road

Mr. Weatherhead switched to an iPhone from Android after Apple Inc. refused to help the Federal Bureau of Investigation access encrypted data on the phone of a terrorist after a shooting in 2015. Mr. Weatherhead frequently travels abroad for his job and says authorities in some countries may want to access information about his work with privacy advocates.

“I want to know the data is staying on the phone,” he says.

Ms. Ohlhausen often decides to access the internet using mobile data instead of connecting her phone to public Wi-Fi networks because the connection may be less vulnerable to hackers. “Someone could be snooping on your traffic when you’re on a public network,” she says. Some people may want to use virtual private networks to protect their connection from intruders when using public Wi-Fi, she says.

Mr. Schneier says he accepts that a certain amount of risk comes with using the apps he wants. Two-factor authentication adds an extra layer of security to apps and makes it harder for hackers to access data, he says.

“Passwords are easy to steal, passwords are easy to guess,” he says. “Use two-factor authentication. It’s kind of a no-brainer.”

“Most of your security and privacy is not in your hands,” Mr. Schneier says. “You don’t have the ability to reverse-engineer it. You just don’t know.”

4. Revisit your healthcare app from last week.  After reading the “Don’t Tell Apps your Secrets article”, discuss some of the data collected by your app.  Especially focus on data that may be protected by HIPAA or HITECH.  Next, discuss some of the ways your app uses concepts from the privacy and human behavior article to encourage users of the app to provide their data even if they may have privacy concerns.