Welcome!

Blog Feed Post

Your artwork is not HIPAA compliant

Chicago art exhibit displays problems of pager use

At OnPage, we have long rallied against pagers, highlighting the problems they cause when used as a form of communication between doctors. In many blogs and whitepapers, we have described how:

  • pagers are not secure
  • pagers are easily hacked
  • pagers enable the leaking of protected patient information(PHI).

Our goal, in persistently extending this message is to encourage physicians and hospital staff to use secure, HIPAA compliant communications instead of pagers. But little that we write could be as powerful as the art instillation created by Brannon Dorsey called Holypager.

One man’s pager is another man’s art

We read about Dorsey’s exhibit in an article that was forwarded to us. His exhibit, Holypager is designed to intercept all POCSAG pager messages sent in the city of Chicago. Once intercepted, the messages are all anonymized and then printed out at the exhibit on one of three rolls of receipt paper. The display makes for a large paper pile-up for gallery visitors to view.

While this might not be everyone’s definition of art, Holypager does none-the-less seem to always elicit a reaction. People seem genuinely surprised that pagers’ messages are so easily hacked. Perhaps, they think, patient information should be held to a higher level of security.

An artist’s message of privacy

Perhaps as surprising as the ease with which the pages are hacked is the source of the messages. Almost all of the messages are sent between doctors and hospital staff. According to Brannon, messages almost all contain:

  • Patient’s first name
  • Patient’s last name
  • Patient’s date of birth
  • Patient diagnosis

I’m sure visitors to the exhibit expressed thoughts such as ‘Isn’t that sort of information supposed to be protected’? Shouldn’t there be some form of encryption on that information?

Yes, pieces of information like name and diagnosis are clearly PHI. Exchanging the information in a manner which is so easily hacked is a clear HIPAA violation. Doctors are violating HIPAA norms when they exchange this information over pagers rather than using HIPAA compliant messaging.

According to HIPAA Standard 164.306 “doctors must ensure the confidentiality of all electronic PHI they transmit and protect against any reasonably anticipated threats or hazards to the security or integrity of such information”.  As the Holypager exhibit demonstrates the standard of confidentiality is far from maintained.

According to Brannon,

Given the severity of the HIPPA Privacy Act, one would assume that appropriate measures would be taken to prevent this information from being publicly accessible to the general public.

The seemingly obvious answer to Brannon’s assumption is that appropriate measures are not being taken. Brannon hopes to show his results to the hospitals whose pages he has intercepted and let them know they need to embrace more secure messaging methods.

Conclusion

The artist believes that his project is meant to serve as a reminder that as the complexity of digital systems increases, humans don’t always develop a corresponding level of literacy about the systems.

Maybe.

But what I think is easy to get across here is that pagers are a technology whose ship has long ago sailed. Perhaps we’d all be much better off if we recognized the need for our physicians to use and maintain HIPAA compliant communications.

 

The post Your artwork is not HIPAA compliant appeared first on OnPage.

Read the original blog entry...

More Stories By OnPage Blog

OnPage is a disruptive technology and application that leverages today's technology and smartphone capabilities for priority mobile messaging. With a top notch history of ensuring uninterrupted communication for businesses and critical response organizations, OnPage is once again poised to pioneer new mobile communications methodology for business and organizational use.

Latest Stories
This session will provide an introduction to Cloud driven quality and transformation and highlight the key features that comprise it. A perspective on the cloud transformation lifecycle, transformation levers, and transformation framework will be shared. At Cognizant, we have developed a transformation strategy to enable the migration of business critical workloads to cloud environments. The strategy encompasses a set of transformation levers across the cloud transformation lifecycle to enhance ...
Your job is mostly boring. Many of the IT operations tasks you perform on a day-to-day basis are repetitive and dull. Utilizing automation can improve your work life, automating away the drudgery and embracing the passion for technology that got you started in the first place. In this presentation, I'll talk about what automation is, and how to approach implementing it in the context of IT Operations. Ned will discuss keys to success in the long term and include practical real-world examples. Ge...
The challenges of aggregating data from consumer-oriented devices, such as wearable technologies and smart thermostats, are fairly well-understood. However, there are a new set of challenges for IoT devices that generate megabytes or gigabytes of data per second. Certainly, the infrastructure will have to change, as those volumes of data will likely overwhelm the available bandwidth for aggregating the data into a central repository. Ochandarena discusses a whole new way to think about your next...
So the dumpster is on fire. Again. The site's down. Your boss's face is an ever-deepening purple. And you begin debating whether you should join the #incident channel or call an ambulance to deal with his impending stroke. Yes, we know this is a developer's fault. There's plenty of time for blame later. Postmortems have a macabre name because they were once intended to be Viking-like funerals for someone's job. But we're civilized now. Sort of. So we call them post-incident reviews. Fires are ne...
Whenever a new technology hits the high points of hype, everyone starts talking about it like it will solve all their business problems. Blockchain is one of those technologies. According to Gartner's latest report on the hype cycle of emerging technologies, blockchain has just passed the peak of their hype cycle curve. If you read the news articles about it, one would think it has taken over the technology world. No disruptive technology is without its challenges and potential impediments t...
Hackers took three days to identify and exploit a known vulnerability in Equifax’s web applications. I will share new data that reveals why three days (at most) is the new normal for DevSecOps teams to move new business /security requirements from design into production. This session aims to enlighten DevOps teams, security and development professionals by sharing results from the 4th annual State of the Software Supply Chain Report -- a blend of public and proprietary data with expert researc...
CloudEXPO New York 2018, colocated with DevOpsSUMMIT and DXWorldEXPO New York 2018 will be held November 12-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI and Machine Learning to one location.
DXWorldEXPO LLC announced today that Nutanix has been named "Platinum Sponsor" of CloudEXPO | DevOpsSUMMIT | DXWorldEXPO New York, which will take place November 12-13, 2018 in New York City. Nutanix makes infrastructure invisible, elevating IT to focus on the applications and services that power their business. The Nutanix Enterprise Cloud Platform blends web-scale engineering and consumer-grade design to natively converge server, storage, virtualization and networking into a resilient, softwar...
CloudEXPO | DevOpsSUMMIT | DXWorldEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
The digital transformation is real! To adapt, IT professionals need to transform their own skillset to become more multi-dimensional by gaining both depth and breadth of a wide variety of knowledge and competencies. Historically, while IT has been built on a foundation of specialty (or "I" shaped) silos, the DevOps principle of "shifting left" is opening up opportunities for developers, operational staff, security and others to grow their skills portfolio, advance their careers and become "T"-sh...
Lori MacVittie is a subject matter expert on emerging technology responsible for outbound evangelism across F5's entire product suite. MacVittie has extensive development and technical architecture experience in both high-tech and enterprise organizations, in addition to network and systems administration expertise. Prior to joining F5, MacVittie was an award-winning technology editor at Network Computing Magazine where she evaluated and tested application-focused technologies including app secu...
DXWorldEXPO LLC announced today that Big Data Federation to Exhibit at the 22nd International CloudEXPO, colocated with DevOpsSUMMIT and DXWorldEXPO, November 12-13, 2018 in New York City. Big Data Federation, Inc. develops and applies artificial intelligence to predict financial and economic events that matter. The company uncovers patterns and precise drivers of performance and outcomes with the aid of machine-learning algorithms, big data, and fundamental analysis. Their products are deployed...
ICC is a computer systems integrator and server manufacturing company focused on developing products and product appliances to meet a wide range of computational needs for many industries. Their solutions provide benefits across many environments, such as datacenter deployment, HPC, workstations, storage networks and standalone server installations. ICC has been in business for over 23 years and their phenomenal range of clients include multinational corporations, universities, and small busines...
This sixteen (16) hour course provides an introduction to DevOps, the cultural and professional movement that stresses communication, collaboration, integration and automation in order to improve the flow of work between software developers and IT operations professionals. Improved workflows will result in an improved ability to design, develop, deploy and operate software and services faster.
Headquartered in Plainsboro, NJ, Synametrics Technologies has provided IT professionals and computer systems developers since 1997. Based on the success of their initial product offerings (WinSQL and DeltaCopy), the company continues to create and hone innovative products that help its customers get more from their computer applications, databases and infrastructure. To date, over one million users around the world have chosen Synametrics solutions to help power their accelerated business or per...