Why you do not want to unify data in your clinical trial
Unified clinical data sets – good or bad? Unification of data from patient medical records, hospital reports and clinical trial protocols is a tempting yet extremely dangerous idea. In this outstanding guest post, security and privacy expert, Veronika Valdova from Arete-Zoe explains why merging medical records, hospital reports, and clinical trial data is a very bad idea. How data breaches […]
3 things to do before you spend money on a HIPAA consultant for your clinical trial
Flaskdata specializes in same data data and safety solutions for clinical trials. Flaskdata is a technology company specializing in clinical datamanagement and monitoring. We are accomplished at providing our customers with the most effective way to achieve high quality clinical dataand assure patient safety. There is no single solution that works for everyclinical trial. We work […]
A word to Teva on firing employees and assuring data security
To be able to do something before it exists, sense before it becomes active, and see before it sprouts. The Book of Balance and Harmony (Chung-ho chi). A medieval Taoist book In early December 2017, the Israeli pharmaceutical generics company Teva announced it would lay off about 1,700 of its employees in Israel, who make up […]
What is more important – patient safety or hospital IT?
What is more important – patient safety or the health of the enterprise hospital Windows network? What is more important – writing secure code or installing an anti-virus? A threat analysis was performed on a medical device used in intensive care units. The threat analysis used the PTA (Practical threat analysis) methodology. Our analysis considered […]
Why HIPAA Policies and Procedures are not copy and paste
Compliance from Dr. Google is a very bad idea. Searching for HIPAA Security Rule compliance yields about 1.8Million hits on Google. Some of the information is outdated and does not relate to the Final Rule and a good deal of other information is sponsored by service providers and technology companies selling silver bullets for HIPAA compliance. The […]
The chasm between FDA regulatory and cyber security
When a Risk Analysis is not a Risk analysis Superficially at least, there is not a lot of difference between a threat analysis that is part of a software/hardware security assessment and a risk analysis (or hazard analysis) that is performed by a medical device company as part of their submission to the FDA. […]
PCI DSS is a standard for the card associations not for your business
I recently saw a post from a blog on a corporate web site from a company called Cloud compliance, entitled “Compliance is the New Security Standard“. Cloud Compliance provides a SaaS-based identity and Access Assessment (IdAA) solution that helps identify and remediate access control and entitlement policy violations. We combine the economies of cloud […]
Why your security is worse than you think
Thoughts for Yom Kippur – the Jewish day of atonement – coming up next Wed. Security on modern operating systems (Windows, OS/X, iOS, Android, Linux) is getting better all the time – but Android using SELinux and MAC (mandatory access control) doesn’t make for catchy, social-media-sticky news items. A client (a good one) once told […]
14 years after 9/11, more connected, more social, more violent
Friday, today is the 14’th anniversary of the Al Queda attack on the US in New York on 9/11/2001. The world today is more connected, more always-on, more accessible…and more hostile. There are threats from Islamic terror, identity theft, hacking for pay, custom spyware, mobile malware, money laundering and corporate espionage. For those of us […]
The importance of risk analysis for HIPAA compliance
A chain of risk analysis The HIPAA Final Rule creates a chain of risk analysis and compliance from the hospital, downstream to the business associates who handle / process PHI for the hospital and sub-contractors who handle / process PHI for the business associate. And so on. The first thing an organization needs to do is a risk analysis. […]
