(Update May 2019.) Publishing this article was part of what started my recent investigation into Facebook’s cybersecurity and privacy practices. The outcome of that investigation means that I do not have any hopeful or positive things to say regarding Facebook and I believe that I was… and we all were, naive. I no longer hold […]
Category: Privacy
Clintons Server Politifact
Most of the time that I spend as a security-wonk is focused on email security. This is due almost entirely to my involvement as one of the architects of the Direct Project, which is a specification for using secure encrypted email in healthcare settings. Which is why I was surprised by a recent analysis from […]
Sharks, Bees and Privacy
Hi, I am happy to announce that my new article on healthcare privacy and interoperability has been accepted in the Journal of Participatory Medicine. I am not against privacy in healthcare, but I am against the notion that privacy concerns should trump issues relating to good healthcare. You can read the full article here: http://www.jopm.org/opinion/commentary/2011/07/05/sharks-bees-and-health-privacy-paranoia/ […]
Responding to Sweeney
I am again discussing the privacy comments from Dr. Latanya Sweeney. She testified to Congress that both the NHIN CONNECT and NHIN Direct security models were flawed. Figure 2(b) summarizes concerns about these two designs. The NHIN Limited Production Exchange has serious privacy issues but more utility than NHIN Direct. On the other hand, NHIN […]
The Power of Push
Hi, The NHIN Direct network has been criticized for lacking relevance for health information exchange. Specifically, Latanya Sweeney has submitted testimony to Congress which has nothing good to say about either NHIN project. The paragraph I want to highlight says: ONC’s website also describes NHIN Direct [11] as a parallel initiative underway [3]. The idea […]
The Burden of Trust
Hi, I am a vocal participant on the NHIN Direct Security and Trust working group. It's a perfect place for me. I love Open Source healthcare, but my background was in InfoSec… and we never really forget our first love… do we? At the NHIN Direct Security and Trust workgroup, I get to exercise all […]
Trust but Verify and Trust but Fork
I have enjoyed participating in the National Dialogue about Health IT. One of the challenges put forward to my suggestion that decision makers should insist on FOSS in Health IT, was the following comment: in terms of privacy, there’s nothing inherent in FOSS that makes it superior to all proprietary products. I have discussed this […]