Week 4 Discussion-Reflections
Each week there are two prompts required to complete the initial Post: a reflection of the process and a progress report. Write a full paragraph (5-7 sentences) responding to each of the prompts, and then respond to one of your peers.
From the Capstone Project I have attached, please answer the following questions:
Reflect: How was your experience in interdisciplinary studies? Specifically comment on the challenge of the interdisciplinary approach to writing a critical analysis paper. If you could change one thing about the experience, what would you change?
Progress: Share a progress report on the completion of your Capstone. The Final Written Capstone is due Wednesday of week four. Are you finished? Oral Presentation is due Friday. Did you write a script? Are you ready to record? Do you have what you need to finish?
Peer Response: Share a final thought, encouragement or tip with a fellow student.
Note: I need three pages minimum for this assignment.
Thanks-.
Capstone Project
IDS-4934
February 23, 2020
[Type here] [Type here] [Type here]
Abstract
Topic
Privacy- What medical information should be confidential? Who, if anybody, should have access to medical records?
Thesis statement
The overuse of one’s medical information, the security breaches in the medical industry, and protections/precaution one should take.
Rationale
· Purpose- To express how identity thief has grown throughout the medical field.
· Background- Talk about statistics, laws, and precaution one can take to help shield their identity.
· Significance- I want to express how important this issue is that we ourselves might have gone through this are we know someone that has.
· Research methodology and description – Use internet and book sources
Rough Draft ideas
That is just enough information to take someone’s identity for someone to make different accounts in that person particular name. How can we make this better? Sticker laws, tighter security on patient records portals.
Table of Contents
I. Title page
II. Abstract Page 1
III. Table of contents Page 2
IV. Introduction- HIPPA Law Page 3
V. How can we make the medical privacy policy better Page 4
VI. Statistics of medical breaches and Figure A Page 5
VII. Cyber Attacks- Attacks on Insulin Pumps Page 7
VIII. The common courtesy and rules of a breached Page 8
IX. Federal laws-precautions after a breach Page 9
X. Services one can use- example LastPass Page 10
XI. Penalties and jail time for hacking personal info Page 10
XII. Identity Laws and how can we make them better Page 11
XIII. Black Market and how much your information is worth Page 14
XIV. Conclusion Page 15
XV. Recommendations Page 16
XVI. References Page 17
Introduction – HIPPA Law
Every American, from the beginning of life to its end, enjoys a fundamental, but not absolute, the right to privacy that is deeply rooted in both tradition and law. In no area is this right more cherished, or more unsettled, than in protecting the confidentiality of identifiable personal health information, as lawmakers, judges, and healthcare professionals struggle to balance individual privacy interests against other strong societal interests. “An estimated 17.6 million people, or about 7 percent of U.S. residents age 16 or older, were victims of at least one incident of identity theft in 2014, the Bureau of Justice Statistics (BJS).” (http://www.bjs.gov, 2016). The overuse of one’s medical information, the security breaches in the medical industry, and protections/precaution one should take.
The Hippocratic Oath, dating to the fourth or fifth century B.C., requires physicians to keep secret all knowledge of individual patients. Personal health information is maintained not only by physicians but also in the records and/or databases of hospitals and clinics that provide treatment or diagnostic services, laboratories that perform tests, pharmacies, and insurance companies and managed care organizations to which claims are submitted or coverage is made. In addition, personal health data frequently is shared with universities and pharmaceutical companies for medical and health-services research purposes.
How can we make the medical privacy policy better?
What is a shame is now when a person goes to a doctor’s office or the emergency room, and the person working the window is either asking for the patient’s social security number or wanting the patient to give out their social security so they can check what is on file. Ever noticed that there are not a room or a door one can close. Technology as grown over the years and while one is giving out their personal information to get medically treated, someone can record that person with their cell phone while the patient is verifying their social security number, date of birth, and address. Then that vindictive person has all the information they need to pretend to be you. Some people when they talk their voices are loud everyone can hear their whole conversation. some elderly people that do not wear hearing aids and they talk so loud that they receptionist is not thinking of their privacy.
Personally I would like to see the clerk or the patient write their social security number on a piece of paper like a post-it note. When the clerk is done he/she gives the post-it note back to the patient and the patient can dispose of it at their own risk. Just with all the bad things going on in the world today one does not know if the office clerk or program secretary is going to shred your information. Now one might have family working at the hospital or a clinic that one might go to and I would hate to know if a member of one’s family has access to your personal medical records . There are something a patient that one likes to keep private. Now medical facilities have made it where if the patient does not have a signed or scanned copy in your medical documentation of a medical release form. That legally they cannot send or give out that patient’s personal medical records to anyone. It just makes one wonder if the person behind the desk is actually going through your medical files to make sure the patient has a signed released from in one’s file.
Statistics of medical breaches and Figure A
The word breach sometimes just makes one’s skin crawl. When one hears of a breach in the medical field everyone assumes of the worst has happened. “Experts, estimates that data breaches cost the healthcare industry some $6.2 billion, as some 79% of healthcare organizations say they were hit with two or more data breaches in the past two years, and 45%, more than five breaches.” (Higgins, 2016). ” Most of those exposed fewer than 500 data records, and thus don’t get reported to the US Department of Health and Human Services nor are revealed to the media.” (Higgins, 2016). That is a huge number and how does one know if they are one of the not so lucky ones that information as breached?
Figure A (Kassner, 2016).
Breaches of confidentiality, in fact, are on widespread now from medical devices, medical records, and even to government medical clearances. In some instances, breaches occur within the parameters of present law: Pharmacies in some states legally sell individual prescription records to pharmaceutical companies for use in marketing campaigns. As one now knows that pharmaceuticals companies are now pushing for these prescription saver cards for medicines like Farxiga or Invokana. Now it great in a way because we are getting or prescription for no cost, but to just activate the card one has to put in their personal information to an extent. Once one has done that you have opened yourself to that particular company that makes your prescription drugs marketing companies.
Cyber Attacks- Attacks on Insulin Pumps
“The cyber attack—in which hackers stole the names, birth dates, Social Security numbers, home addresses and other personal information of 78.8 million current and former members and employees—gave Anthem’s reputation a black eye early on. The company and the industry at large scrambled to do damage control. Consumers questioned whether Anthem and other healthcare organizations could manage the volumes of data they had.” (Herman, 2016). The worst part about this whoever hack this company if it was an individual person, another country like Russia or China, or even if it was another insurance company. This person/persons has access to all patients medical records from surgeries done in the past, to medications one is current taking, and one’s deductibles.
One new scare one should watch out for now is if you are a diabetic Johnson and Johnson is warning more than 100,000 medical patients who use certain insulin pumps they could be targeted by hackers. In a letter, the company said its Animas OneTouch Ping insulin pump has a bug causing a potential cybersecurity risk. Hackers could hijack the device and force it to deliver unauthorized, and possibly lethal, insulin doses. That is scary to think someone either in your community or across the world could be in control of your insulin levels.
The common courtesy and rules of a breached
Unlike your fingerprints, which are unique to you and cannot be given to someone else for their use, your personal data especially your Social Security number, your bank account or credit card number, your telephone calling card number, and other valuable identifying data can be used, if they fall into the wrong hands, to personally profit at your expense. “Individual identities, called ‘fullz’ on the black market, vary in price from $1 to about $450 (converted from bitcoin) and are valued based on factors like quality, robustness, reliability, and the seller’s reputation – not unlike EBay.” (Abrams,2016). That should just make one cringe it makes one think are we really safe is our information really safe at night or anytime. The Figure below shows just how easy it is for someone to buy one’s information.
Figure B: (http://businessidtheft.org, 2016)
Payment & Banking Information
Price
Credit card details
From $2 – $90
Bank credentials
From $80 to $700 with guaranteed balance
Bank transfers & check cashing
From 10% to 40% of the total
PayPal credentials
$10 & up with no guaranteed balance
Online store & payment platform credentials
From $80 to $1500 with guaranteed balance
Physical (cloned) credit cards
From $190 + cost of details
Services & Equipment to Commit Fraud
Price
Card cloners
From $200 to $1000
Fake ATM machines
Up to $35,000
Design & publish fake online store or website
Varies based on project scope
Federal laws-precautions after a breach
Once this is filed submit a copy of one’s police report to one of the credit bureaus the other two bureaus will receive the report as well and will make sure that any financial institution is aware as well. I would suggest that one should put a good contact number for a bank or Credit Company to call if they see someone is using your personal identity. This way when they call you can give verification and with your phone number it is an extra step for security. If you get anything in your mail about certain accounts you did not open and it is in your name call the company and demand the shut those accounts down. Tell them “I am a victim of an identity thief,” this way the company will working on closing all of the open accounts. Tell them that if they find that person put them in jail and punished to the maximum extent.
Services one can use- example LastPass
Another thing one should look into is a service called Lifelock. This service monitors all one’s financial activity as well as one’s person information such as social security number, date of birth, home address and mail address. Nowadays one cannot be too safe when it comes to anything. If a person that likes to submit one’s medical claims or look at one personal insurance statement, or have access to personal online medical records I would recommend LastPass. Is a freemium password management service which stores encrypted passwords in private accounts? LastPass is standard with a web interface but also includes plugins and apps for many modern web browsers and includes support for bookmark lets.
Penalties and jail time for hacking personal info
“Penalties for fraud offenses may include criminal penalties, civil penalties, or both. Most criminal fraud offenses are considered felony crimes and are punishable by jail, fines, probation, or all of the above. Civil penalties may include restitution (paying the person back) or payment of substantial fines (geared to punish the behavior).” (http://criminal.findlaw.com, 2016). The federal law relating to identity theft penalties was signed into action by President Bush in 2004, and it mandates federal prison time for anyone convicted of the crime. It also increases the maximum jail sentence from three years to five years, and increases penalties for phishing schemes, among other changes. There should be longer jail time for someone that steals another person identity. When one is born we come into this word all one has their name, and over time one works hard to build up their name and who they become in life. But have some horrible vindictive person take that way would infuriate someone. With the criminal just using the major information that they need they have everything to pretend to be someone else. Depending on how that person is they can ruin one’s life and rack up tons of fraudulent bills. Theft is one of the fastest growing crimes in the United States today. The Federal Trade Commission (FTC) estimates that as many as 9 million Americans have had their identities stolen each year. That is too many and will is enough going to be enough?
Identity Laws and how can we make them better
Personally, the criminal should have to pay the person/persons whose identity they stole. If for example, this individual took $10,000-$30,000 dollars. That criminal need to pay all that back to that individual if that mean that person need to sell things get personal loans or work several jobs well everything needs to be paid back. If not paid back in time that it was given then when it comes tax time that individual taxes if he/she gets anything back they have to pay for the person that had to suffer for their mistake. “Each state differs in how they handle an identity theft conviction, but at the very least, the criminal will be given a misdemeanor and forced to pay back any loss suffered by the victim, whether financial or in compensation of time, labor, etc. As the severity of the crime increases, so too do the state identity theft penalties, ranging from prison terms up to ten years to fines numbering in the thousands of dollars” (https://enlightenme.com, 2016). There are a lot of time and man hours that goes into one having their identity stolen. The paper work that is involved, one’s time, make phones to certain companies to make sure your information is not being used, and the hurt the one goes thought and wondering why did this have to happen to them?
“There are two levels of punishment for identity theft: the state level and the federal level. The federal law relating to identity theft penalties was signed into action by President Bush in 2004, and it mandates federal prison time for anyone convicted of the crime. It also increases the maximum jail sentence from three years to five years, and increases penalties for phishing schemes, among other changes.” (https://enlightenme.com, 2016). When the criminal is convicted they need to have to have credit monitoring and have random inspections of their finances, and there is certain investments. Anything that looks out of the ordinary then they need to be brought in for questioning if found guilty again 10 years for terrorism related offenses should be the pending charges of the induvial. If that criminal does not learn their lesson they should serve life in prison afterwards. If one cannot learn after the first time they went to jail then they need to be where they monitored twenty-four-seven.
This is very serious crime and with technology we have now days it will only get worse to do cyber-attacks and hacking into records or insurance companies. To just give someone on their first offence to just put them on probation that does not seem fair. They need to jail time right off the bat, no normal person ever thinks about hacking or taking someone identify, and if someone does that, he/she must be aware and prepared to assume the consequences of his/her actions.
Being charged with an identity theft crime is a very serious situation. Depending on their circumstances, being convicted of identity theft can lead to large fines and years or more in prison. Talking to a local criminal defense attorney as soon as one learns that they are being investigated for, or charged with, an identity theft crime is essential to protecting one’s rights throughout the criminal justice process. An area lawyer who has experience with identity theft cases and who has represented clients in local courts is the only person capable of giving legal advice about one’s case.
Victims of identity theft should be aware of the laws in their area so that they know what to expect when their case moves towards conviction. It is helpful to know what statutes are being used to measure the crime when anticipating what the outcome might be for you as the victim. Always report if you see something that is off or questionable. Ask yourself the following questions or if you receive something have it checked into:
· Get a bill for medical services they didn’t receive;
· Be contacted by a debt collector about medical debt they don’t owe;
· See medical collection notices on their credit report that they don’t recognize;
· Find erroneous listings of office visits or treatments on their explanation of benefits (EOB);
· Be told by their health plan that they’ve reached their limit on benefits; or
· Be denied insurance because their medical records show a condition they don’t have.
Black Market and how much your information is worth
Breached records can go for pennies to hundreds of dollars depending on the nature of the content up for sale. So, how much money do these cybercriminals make after they get hold of data? How precious is the data in monetary terms?
According to Symantec’s 2019 Internet Security Threat Report, attacks on enterprises are up 12%. A new business will fall victim to an attack every 14 seconds this year. The attacks have already generated upward of $25 million in revenue for criminals. (https://www.symantec.com/security-center/threat-report)
The Sociable spoke to an array of experts to see what price cybercriminals put on different types of information. The following is a composite list:
· Personal Information (including identification number, address, birthdate) – $20 to $450
· Social Security Numbers – $1 each
· Medical Records – $20 to $50 each
· Credit Card Numbers – $2 – $5
Social security numbers were one of the most frequently exposed types of sensitive data last year and fetch a surprisingly low sum, according to Adam Stahl, Digital Marketing Specialist at Kelser Corporation. (https://www.linkedin.com/in/adam-stahl-44857632/)
He also says medical records are one of the most valuable types of information on the black market, making healthcare organizations such a target for hackers. For instance, UConn Health experienced a breach this spring, exposing the data of 326,000 patients.
“Say a small portion of that – 10 % – were complete medical records. That data would sell for $652,000 – $1.8 million,” he says.
Motives and prices vary as cybercriminals pursue that valuable information that we inadvertently put out there. As Buxton says, “As far as worth goes, it depends on what information is for sale.” (https://sociable.co/web/the-many-motives-of-hackers-and-how-much-your-data-is-worth-to-them/)
Conclusion
Privacy is paramount and to personalize it vital whether it is me or you. Not just in the healthcare sector but everywhere like insurance companies and banks are also impacted by these evil attacks. After reviewing the data of healthcare breaches and its impact on the lives of victims, I would say that healthcare officials should stay vigilant and careful about the protection of patients, healthcare information. Personal information and medical history are two important things to be protected under strong security.
Recommendations
Healthcare protection laws should be improved with the aim to protect electronically saved patient’s information. Training should be arranged for healthcare officials and employees so they can get an insight into technical risks and enable them to manage if occurs. Employees should be hired on a loyalty basis in healthcare organizations, and strict punishments are needed to impose to regulate their activities. Strong security should be maintained to monitor the activities of healthcare workers. Enhanced and advanced network security and application security are required to avoid data breaches and further complications for the organization as well as for the patient. Encryption methods should be implemented because this is a good thing to protect the patient’s personal and medical information from any unauthorized access. Punishments stated in constitutional and universal laws are short term that is not enough to probate a criminal. Healthcare hacking laws need to be improved with extended imprisonment and fined that will be paid to the patient according to the beard loss. Government involvement in the healthcare sector needs to eliminate or should be on a small level, to protect data breach by ways. These recommendations help deal with privacy problems in the United States as well as across the world.
References
Confidentiality of Medical Records: A Situation Analysis and AHIMA’s Position. (2016, September 29). Retrieved from http://bok.ahima.org: http://bok.ahima.org/doc?oid=60048#.V-1_AVQrJQI
Herman, B. (2016, October 7). http://www.modernhealthcare.com. Retrieved from http://www.modernhealthcare.com: http://www.modernhealthcare.com/article/20160330/NEWS/160339997
Higgins, K. J. (2016, October 4). Healthcare Suffers Estimated $6.2 Billion In Data Breaches. Retrieved from http://www.darkreading.com: http://www.darkreading.com/threat-intelligence/healthcare-suffers-estimated-$62-billion-in-data-breaches/d/d-id/1325482
http://criminal.findlaw.com. (2016, October 7). Retrieved from http://criminal.findlaw.com: http://criminal.findlaw.com/criminal-charges/fraud.html
http://criminal.findlaw.com/criminal-charges/identity-theft.html. (2016, October 2). Retrieved from http://criminal.findlaw.com/criminal-charges/identity-theft.html: http://criminal.findlaw.com/criminal-charges/identity-theft.html
http://www.bjs.gov. (2016, October 2). Retrieved from http://www.bjs.gov: http://www.bjs.gov/content/pub/press/vit14pr.cfm
Kassner, M. (2016, October 5). Cybersecurity professionals: The healthcare industry needs you. Retrieved from http://www.techrepublic.com: http://www.techrepublic.com/article/cybersecurity-professionals-the-healthcare-industry-needs-you/
Capstone Project | Yaima Ortiz Page 2 of 11
Capstone Project | Yaima Ortiz
Page 11 of 18