The healthcare industry is under privacy attack. The book discusses the issues from the healthcare organization and individual perspectives. Someone hacking into a medical device and changing it is life-threatening. Personal information is available on the black market. And there are increased medical costs, erroneous medical record data that could lead to wrong diagnoses, insurance companies or the government data-mining healthcare information to formulate a medical ‘FICO’ score that could lead to increased insurance costs or restrictions of insurance. Experts discuss these issues and provide solutions and recommendations so that we can change course before a Healthcare Armageddon occurs.
| Foreword |
|
ix | |
| Preface |
|
xi | |
| Acknowledgments |
|
xvii | |
| Author |
|
xix | |
| Contributing Author |
|
xxi | |
|
|
|
1 | (46) |
|
|
|
1 | (5) |
|
|
|
6 | (3) |
|
|
|
9 | (3) |
|
|
|
12 | (24) |
|
|
|
19 | (4) |
|
|
|
23 | (2) |
|
Hippocratic Oath for Connected Medical Devices |
|
|
25 | (2) |
|
Cyber Independent Testing Laboratory |
|
|
27 | (1) |
|
|
|
28 | (2) |
|
|
|
30 | (1) |
|
Open Web Application Security |
|
|
31 | (5) |
|
Legal/Constitutional Issues |
|
|
36 | (11) |
|
Fingerprints Are Not Protected by the Fifth Amendment |
|
|
43 | (4) |
|
Chapter 2 Privacy Concerns |
|
|
47 | (40) |
|
Information... Information... Everywhere |
|
|
47 | (5) |
|
|
|
50 | (2) |
|
|
|
52 | (15) |
|
|
|
57 | (1) |
|
|
|
58 | (1) |
|
|
|
59 | (2) |
|
Cybersecurity Information Sharing Act 2015 (CISA) |
|
|
61 | (5) |
|
Health Information Technologies Standards Committee |
|
|
66 | (1) |
|
Improving Health Information Technology Act |
|
|
66 | (1) |
|
|
|
67 | (8) |
|
|
|
68 | (2) |
|
|
|
70 | (2) |
|
|
|
72 | (1) |
|
|
|
72 | (3) |
|
|
|
75 | (3) |
|
|
|
77 | (1) |
|
Medical Information Is Highly Coveted |
|
|
78 | (9) |
|
Ease of Obtaining Information |
|
|
81 | (1) |
|
|
|
82 | (1) |
|
|
|
83 | (4) |
|
Chapter 3 Healthcare Armageddon |
|
|
87 | (16) |
|
2015 Year of the Hack: Medical Breaches |
|
|
87 | (3) |
|
Another Search Engine to the Rescue |
|
|
90 | (1) |
|
|
|
91 | (4) |
|
Patients Trust Healthcare |
|
|
95 | (2) |
|
|
|
97 | (2) |
|
EU Doesn't Trust U.S. Privacy: Agreement Made |
|
|
99 | (4) |
|
|
|
103 | (14) |
|
|
|
103 | (4) |
|
|
|
107 | (4) |
|
|
|
111 | (1) |
|
|
|
112 | (1) |
|
|
|
113 | (4) |
|
Chapter 5 Healthcare Security |
|
|
117 | (44) |
|
Ignorance Is Bliss: State of Healthcare Security |
|
|
117 | (4) |
|
Constructive Ambiguity and the HIPAA Regulations |
|
|
121 | (3) |
|
|
|
124 | (22) |
|
|
|
124 | (4) |
|
|
|
128 | (7) |
|
|
|
135 | (3) |
|
|
|
138 | (2) |
|
|
|
140 | (3) |
|
|
|
143 | (3) |
|
Privacy Culture; Not a Security Culture |
|
|
146 | (3) |
|
|
|
149 | (1) |
|
|
|
150 | (4) |
|
|
|
154 | (2) |
|
A Funny Thing Happened on the Way to Security... Nothing |
|
|
156 | (5) |
|
|
|
161 | (38) |
|
|
|
161 | (14) |
|
|
|
172 | (1) |
|
Business Associate Agreements |
|
|
173 | (2) |
|
|
|
175 | (2) |
|
Office of Inspector General (OIG) |
|
|
177 | (4) |
|
|
|
181 | (1) |
|
|
|
182 | (7) |
|
|
|
189 | (3) |
|
|
|
192 | (2) |
|
|
|
194 | (3) |
|
|
|
197 | (2) |
|
Chapter 7 Privacy... Clear... <shock> |
|
|
199 | (52) |
|
|
|
199 | (4) |
|
Withholding Medical Information |
|
|
203 | (1) |
|
|
|
204 | (2) |
|
Put a Tourniquet On: Stop the Bleeding |
|
|
206 | (2) |
|
|
|
208 | (2) |
|
National Patient Identifier |
|
|
210 | (1) |
|
|
|
211 | (1) |
|
|
|
212 | (23) |
|
|
|
212 | (1) |
|
|
|
213 | (3) |
|
|
|
216 | (2) |
|
Multi-Factor Authentication |
|
|
218 | (2) |
|
|
|
220 | (1) |
|
Data Collection/Retention |
|
|
221 | (1) |
|
|
|
222 | (3) |
|
|
|
225 | (4) |
|
|
|
229 | (5) |
|
|
|
234 | (1) |
|
Standards/Certification/Accreditation |
|
|
235 | (6) |
|
CIS Critical Security Controls |
|
|
235 | (1) |
|
|
|
236 | (1) |
|
|
|
237 | (2) |
|
|
|
239 | (2) |
|
|
|
241 | (1) |
|
|
|
241 | (6) |
|
|
|
247 | (4) |
|
|
|
251 | (14) |
|
Message to the Board Room |
|
|
251 | (1) |
|
|
|
252 | (3) |
|
Asking the Right Questions |
|
|
255 | (2) |
|
Message to Chief Executive Officers |
|
|
257 | (2) |
|
Message to the Legislators |
|
|
259 | (2) |
|
Message to Private Citizens |
|
|
261 | (2) |
|
|
|
263 | (2) |
| References |
|
265 | (26) |
| Index |
|
291 | |
John Jay Trinckes, Jr., CISSP, CISM, CRISC, HITRUST CSF Practitioner, is Senior Practice Lead, Healthcare & Life Sciences, Coalfire Systems, Inc. He directs lead compliance efforts for Coalfire's healthcare clients. He heads up the healthcare practice for Coalfire Systems, Inc. Coalfire is the leading IT governance, risk, and compliance organization in the country. He helps its clients manage IT risk to ensure they are not subject to cyber-attack and help them validate their compliance with IT regulations such as HIPAA. Coalfire offers assessments, penetration tests and advisory services that drive our clients to better security and compliance. He is the author of the books, "The Executive MBA in Information Security" (2009) and "The Definitive Guide to Complying with the HIPAA/HITECH Privacy and Security Rules" (2012) published by CRC Press. He has a wide range of experience in computer networks, vulnerability and penetration testing, security, compliance, and risk assessment. He was also a former law enforcement officer in the state of Florida.
Lisainfo e-raamatute kohta