Free Essay

Mobile Forensics in Healthcare

In: Computers and Technology

Submitted By zainabbas
Words 4340
Pages 18
2009 Eighth International Conference on Mobile Business

Mobile Forensics in Healthcare
Connie Justice, Huanmei Wu
Computer & Information Technology Purdue School of Engineering and Technology Indiana University Purdue University Indianapolis 799 W. Michigan St., ET 301 Indianapolis, IN 46202 {cjustice, hw9}@iupui.edu
Abstract -- Mobile communication has been heavily applied in the current healthcare system for health information exchange. Patient information security has become a major concern, especially with the wide adoption of electronic medical records. Mobile Forensics has been utilized by law enforcement to systematically procure and preserve mobile evidence. However, the adoption of mobile forensics in the healthcare lags behind. The goal of our project is to examine the options and to provide recommendations for adoption and customization of mobile forensics in the healthcare field. An open-ended survey of local healthcare and related facilities around Indianapolis has been explored to examine the current status of Mobile Forensics in the healthcare field. The results have been evaluated using statistical analysis. A methodology is being proposed that would use mobile forensics procedures taking into account the regulatory measures that have to be instituted due to the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Keywords-mobile forensics, healthcare.

Evelyn Walton
Informatics Indiana University Purdue University Indianapolis 799 W. Michigan St., ET 301 Indianapolis, IN 46202 emjohnso@iupui.edu

forensics has been introduced by the law enforcement field to prescribe a thorough structure of policies and procedures to ensure that criminal evidence is properly detected, extracted, and preserved, thus ensuring that all evidence obtained is legally valid and can be used as evidence in a court of law. [2] Applying forensics procedures in the healthcare is more challenging due to the special concerns regarding patient medical information. The Health Insurance Portability and Accountability Act (HIPAA) of 1996[1] establishes rigid and specific standards for the electronic storage, retrieval, and transmission of healthcare patient information. HIPAA not only addresses hardwired computer devices and networks, but also mobile and wireless devices as well. Although HIPAA is aimed at protecting patient information, it is not necessarily aimed at many of the finer points of mobile forensics; namely, detecting, extracting, and preserving any criminal evidence that may be left behind. Our project is to develop a new approach, called Healthcare Forensics Procedures, to adapt mobile forensics in the healthcare arena paying attention to the added requirements and constraints from HIPAA. The project will improve the awareness and effectiveness of healthcare IT personnel securing patient electronic healthcare information through a more diligent and structured methodology. Our major contributions are list below: • Survey on the adoption of Mobile Health Forensics in the healthcare filed: Area IT and health care professionals will be surveyed regarding their knowledge and use of Mobile Forensic experiences, methods, and practices. The survey results have been explored to examine the current application of mobile forensics in healthcare. Investigation of the current mobile forensics for health information security: Hands-on experimentations on Mobile Forensic tools have been performed to validate the principles in compliance of HIPAA regulation. Recommendation for adoption of mobile forensics procedures in the health care field: Based upon the results of the survey, recommendations will be made to these areas regarding changes in current practices that would result in increased security of patient information. Modification of the existing forensics models made to satisfy the strict requirement of HIPAA regarding working with health information.

I.

INTRODUCTION

The wide use of mobile devices, computers, personal mobile assistants (PDA), laptop computers, cell phones, and smart phones, has become our main mode of communicating among business partners, friends, and family members. The healthcare industry has been a major adopter of mobile devices. Mobile connectivity has become one of the major means of communications via text messaging, instant messaging, paging, phone conversation, access to centralized data and emails through cell phone, personal mobile assistants (PDAs), and wireless laptops. The value of mobile technology in health care is staggering. In providing health care to individuals, wireless devices are routinely used to collect, store, retrieve, display, and transmit data. Patient data can be received and delivered instantaneously as the patient is attended to. However the highly portable mobile devices are also susceptible to threats and vulnerabilities. As mobile communication becomes widely used in the healthcare industry, it has become increasing difficult and challenging to secure patient information and preserve patient privacy. In addition to the concerns of threats and vulnerabilities, the consequences when Patient Health Information is compromised are major concerns. Comupter
978-0-7695-3691-0/09 $25.00 © 2009 IEEE DOI 10.1109/ICMB.2009.51 255





II.

BACKGROUND

A. Forensics. Forensics is the “application of the natural and physical sciences to the resolution of conflicts within a legal setting” [13], and encompasses a broad range of evidentiary expertise, including anthropology (the study of the origin an behavior of man), pathology (the study of diseases and their causes), medicine, chemistry, entomology (the study of insects), toxicology, odontology (the study of the structure, development, and abnormalities of the teeth), DNA analysis, and even arson investigation [13]. Computer forensics is the response to the need by law enforcement to investigate criminal activity involving computers [13]. As computers become more prolific, so does computer crime, also known as cyber crime. Computer Forensics is becoming a broader area of study itself. As the scope of mobile crimes expanded, computer forensics has expanded the scope and is renamed mobile forensics, which encompasses a broader range of information and technology. Mobile forensics has been refined by the law enforcement field to proscribe a thorough structure of policies and procedures to ensure that criminal evidence is properly detected, extracted, and preserved, thus ensuring that all evidence obtained is legally valid and can be used as evidence in a court of law. It has proven very effective in the fight against cybercrime and is widely used by law enforcement, criminal investigators, civil discovery, security incident response, and intelligence gathering. In this paper, we will introduce a new branch of mobile forensics, which takes into consideration HIPAA and its ramification. B. Computer Crimes on Medical Records Computer crime includes, but not limited to, cracking, fraud, virus dissemination, and extortion, which gain unauthorized access to a computer system for the purpose of stealing and/or corrupting data. Unfortunately, as computer networking and security techniques advance, so do the skills of the computer crackers and their tools. Curious youngsters, organized hackers hobbyists, professional crackers, or even disgruntled employees can perpetrate Cybercrime [14]. These crackers may be simply seeking a quick thrill, or they may be looking for corporate trade secrets, financial information, or a person’s medical information [14]. In 2007, an estimate of 250,000 patients had their medical information stolen and misused in recent years. The theft or alteration of medical records can not only affect a patient’s privacy, but medical records are often checked by potential employers and creditors. A stolen medical record can often lead to insurance fraud. On the black market stolen medical record is worth fifty to sixty dollars [10]. C. Mobile Forensics Methods For the IT professional and some organizational managers (rather than the law enforcement professionals), there are four distinct phases regarding forensic evidence in the mobile arena,, namely collection, examination, analysis, and reporting. It is also recommended that each organization develop a

strategy in advance for dealing with mobile crime within their organization, which should include established policies and procedures for both mobile forensics and for the organization’s mobile information in general. The roles and responsibilities of the IT administrative and investigative staff should be clearly defined in these policies and procedures. A forensics structure and capability needs to be established, which should encompass operational inconsistencies, the monitoring of system and event logs, data recovery and acquisition, and regulatory compliance in a timely fashion. The strategy on having the proper tools and education to fulfill those responsibilities for investigative teams should also be planned. D. Mobile Forensics and HIPAA The Health Insurance Portability and Accountability Act (HIPAA)[add reference] sets standards for medical information transactions and mandates the establishment of national standards for electronic health care transactions and national identifiers for providers. HIPAA also deals with security policies and procedures, and details technical measures that address authentication, encryption, data integrity, access control, audit controls, and transmission security. This applies to not only traditional hardwired computer networks, but also to personal information devices, wireless computers, and smart phones. Administrative, technical, and physical safeguards must be utilized to insure the integrity and confidentiality of a patient’s healthcare information, and to protect that integrity and confidentiality against any reasonably anticipated threats or hazards, unauthorized uses, or disclosure. As HIPAA charges healthcare industry with securing patient information, it presents an ever-increasing challenge. The National Institute of Standards and Technology (NIST) recommend that for an organization to be HIPAA compliant a dedicated security official should be specifically assigned responsibility for HIPAA security, and further that those responsibilities should be specifically assigned and documented[1]. However, the protection of patient information involves more than simply securing the information itself; the computer systems and networks that store and transmit the information need also be secure. III. METHODOLOGY

It is reasonable to expect that the current practices, and therefore the current standard procedures, of the healthcare profession follow the guidelines established by HIPAA, but no further. It is also reasonable to expect that the healthcare profession would not voluntarily follow mobile forensic methods, and may even be totally oblivious to their existence. Therefore, a survey has been created as a pilot study to learn the usage of Mobile Forensics in the healthcare field, as well as the current standard procedures. A. Pilot Study on Mobile Forensics in Healthcare A pilot survey has been designed to examine the current practices that relate to not only hardwired networks but also to handheld, wireless, and mobile devices used in local health care institutions. It targeted at healthcare professionals in the Indianapolis metropolitan area, specifically IT managers and

256

professionals, physicians, nurses and other physician assistants, residents and medical students, health related researchers, and other non-IT employee. The qualitative survey consists of questions that will evaluate the respondent’s organizational information and professional position, detailed information about computer crime in the corresponding organization, as well as any mobile forensics training that the organization and/or respondent might have. The survey was put online using the service of the website at www.contantcontact.com. The IT chiefs of major organizations in healthcare around the area were contacted to encourage their participation of the survey. Responsive information was acquired anonymously through the web. The survey was an open-ended survey. Qualitative analysis has been performed on the survey results. This analysis focused on the frequencies, magnitudes, structures, processes, causes, and consequences of computer crimes, and will look for patterns of correlation. B. Hands-on Experimentation Hands-on experimentation of mobile forensic tools has been performed to validate the principles proposed for mobile forensics in healthcare. The two tools examined were AccessData’s Forensic Toolkit (FTK) 2.0 and Paraben’s Device Seizure 2.0 software [9,10]. AccessData’s Forensic Toolkit allows an investigator to create a drive image, view the operating system’s registry, decrypt files, crack and recover passwords, and create reports. Data may be searched using several criteria such as creation date, file size, or data type. The application is GUI based, and intuitive to use. Paraben Forensics’ Device Seizure software is aimed at cell phones, PDA’s, and GPS devices. It can be used to examine email and text messages, including deleted ones, as well as to view the call history. The call history would include received calls, missed calls, dialed numbers, and the dates and durations of all calls. The investigator can also examine the device’s phone book, date book, scheduler, and to-do lists. It is also possible to examine file systems, and in Microsoft Windowsbased devices, the registry. The file system would include all system files, as well as multimedia files such as images, videos, and sounds, plus Sun’s Java files, and ClOWn of Team 42’s Quicknotes memos. Deleted data can also be retrieved and examined. For GPS devices, waypoints, tracks, and routes can be retrieved and examined. For PDA devices, all databases can be examined. Finally, all data contained in the device’s RAM and or ROM is readily accessible. IV. RESULTS

A. Results on Pilot Study Analysis A pilot survey has been designed to check the current status of mobile health forensics in the healthcare arena. There were 27 respondents from the local healthcare facilities around Indianapolis metropolitan area. Every respondent has answered all of the questions. A qualitative analysis on the results was performed. Roles in Mobile Forensics of Responders: Among the 27 responders, 15 were IT professionals, 7 were physicians or physician assistants, and 2 were non-IT managers. Among them, 4 of them (14.8%) can make the final decision in the Electronic Health Records Decision-making process, 15 (55.5%) have strong influence, and one has some influence. The rest 7 has little or no influence in the decision making process. Training in Mobile Evidence: Only 4 of the 27 responders need to routinely (i.e., over 50% of the time) consider the possibility of mobile evidence. Most organizations, 19 out of 27 (i.e., 70.3%) have some security awareness training plans. However, only 1 responder had extensive training in mobile evidence. Another 3 has some training. The rest 23 responders (85.1%) only have limited or no training at all. When asked whether they are interested in obtaining training in mobile evidence, 5 wanted to have training, 12 answered maybe” and 10 said “no”. Mobile Devices in the Healthcare Facilities: 23 of the 27 (85%) response claimed the usage of the laptops in the healthcare facilities. In addition, personal mobile assistant (PDA) and tablet PC are also widely used in the healthcare arena. The detailed information about mobile devices is listed in TABLE I.
TABLE I. MOBILE DEVICES IN HEALTHCARE APPLICATIONS Devices Laptop/notebook computer Personal Mobile Asssitant (PDA) Tablet PC Cell Phones Don’t know Other Responses
Response numbers Ratio

23 7 15 8 2 4

85.2% 25.9% 55.6% 29.6% 7.4% 14.8%

Mobile Connectivity Technology: 17 of the 27(63%) responders used WiFi (a wireless local area networks) in their wireless connection. 5 of them used mobile cellular service and 4 used wireless personal area networks, such as Bluebooth and Infrared. In addition, 8 were not sure about their wireless connectivity. Security Technologies: The survey showed that various security technologies are applied in the healthcare arena, both software and hardware. TABLE II. lists the detailed of the utilization of different security technologies in the responded healthcare facilities.

This section will summarize the results of our pilot study for the current status of mobile forensics in the healthcare organization and give recommendations to improve the mobile forensics based on the survey results. In addition, the newly improved mobile health forensics procedure is also briefly introduced which will be in compliance with the HIPAA regulation.

257

TABLE II. Devices

SECURITY TECHNOLOGIES Responses
Response numbers Ratio

improving this situation of mobile forensics in the healthcare arena. 1) Healthcare organizations need to be aware of the importance of mobile evidence preservation. 2) Each organization should have a dedicated individual person trained in computer and mobile forensics. 3) Each healthcare organization should either have a designated computer and mobile forensics specialist on-staff, or have a designated outside contractor to call upon in the event of a security incident. 4) If there is a designated on-staff specialist, that individual should acquire and become trained in the use of computer and mobile forensics tools such as AccessData’s Forensic Toolkit or Paraben Forensics’ suite and be adequately trained in the acquisition and handling of mobile evidence. 5) All pertinent IT staff should first be made aware of the existence of computer and mobile forensics. 6) Adequate training should follow so that there is a heightened awareness of the proper procedures for the seizure, preservation, and analysis of mobile evidence. 7) All pertinent IT staff should be trained in the proper procedures necessary to execute a mobile forensics examination so that it is in compliance with HIPAA. 8) Each healthcare organization should develop policies and procedures to react to security incidents in a manner that is compliant with HIPAA. C. Mobile Health Forensics Procedure A newly proposed procedure for Mobile Forensics is a further adaptation of the Air Force Model called Mobile Healthcare Forensics Procedures. Mobile Healthcare Forensics takes into consideration HIPAA and its ramifications by grouping the involved parties into four groups. These four groups consist of the Investigator, the Healthcare Organization’s Administration, the Healthcare Organization’s IT Staff, and the patient. In the event of a security breach, each of these groups has a vested interest in the security of the healthcare information, the resolution of any security breaches, and the avoidance of any recurrence. The first step of the proposed Mobile Healthcare Forensics Model is that of Identification, whereby the IT Staff determines what systems were affected, if the affected systems contained personally identifiable healthcare information, and whether or not to pursue a forensics investigation. In the Preparation step, the IT Staff prepares all needed tools, techniques, warrants, and authorizations, and also notifies the Administration of the incident. Also during this step the Administration decides whether a forensic investigation will be done internally or by an outside party. The Approach Strategy step involves formulating a plan of attack to maximize the collection of pristine evidence while at the same time minimizing the disruption to the rest of the facility. In this step the Investigator must determine how to

Access control lists (server based) Antispam software Antispyware software Anitvirus software Biometrics Encrypted files (for storage) Encrypted files (for transfer) Encrypted login Firewalls Intrusion prevention/detection system Limits on which users can install software Password complexity requirements Periodic required password changes Physical security SmartCards (card, PCMCIA, USB, etc) VPNs Website Content Filtering Don’t know

19 22 22 21 5 12 14 8 22 15 21 19 20 17 4 22 16 3

70.4% 81.5% 81.5% 77.8% 18.5% 44.4% 51.9% 29.6% 81.5% 55.6% 77.8% 70.4% 74.1% 63.0% 14.8% 81.5% 59.3% 11.1%

Security Incidents: 9 out of the 27 responders answered that there was no computer security incidents in their organization for the last 12 months. 4 others claimed there were 1 to 4 security incidents. The other 14 responders did not know the statistics of the computer incidences in their organization. Incident Response Plan: Regarding the responses to any security incident, 21 out of the 27 responders claimed that their organization have established policies and procedures in place that identify steps to be taken if there is a physical and/or information security breach. Two organizations don’t have the incident response plan and the other four do not know if there is such a plan in the organization. Mobile Forensics: Only one responder claimed that his organization had a dedicated computer crime or mobile forensics unit, i.e., there are one or more full-time employees working for the task. Ten organizations have a policy concerning who can seize, duplicate, examine or analyze mobile evidence. However, only four of the organization required specific training to seize mobile evidence. B. Summary of the Survey Results Many organizations are security-aware, and some even have action plans in the event of a security incident. Yet almost none have a dedicated Mobile Forensics Unit or even any personnel trained in the acquisition or analysis of mobile evidence. The following are eight recommendations aiming at

258

separate personally identifiable health information from all other information, as well as how to protect it. In the Preservation step, the state of the physical and mobile evidence are isolated, secured, and preserved. As with any Mobile Forensics methods, the Collection step entails recording the physical scene and duplicating (imaging) the mobile evidence. However, under the proposed Mobile Healthcare Forensics model, the Investigator must take additional measures to always keep personally identifiable health information separate from all other data, to the extent of using separate drives for imaging this data, as well as labeling and storing these drives separately to avoid confusion. In the Examination and Analysis steps, the Investigator must again keep personally identifiable health information separate from other seized information, and must insure that this information is labeled as containing personally identifiable health information. In the Presentation step, additional measures must be taken to protect personally identifiable health information. For this step, the Investigator should work in concert with the Administrator’s attorney specializing in HIPAA, who should also review any created reports in the event that they contain personally identifiable health information. The final step of the Mobile Healthcare Forensics model is the Return Evidence step, where all physical and mobile evidence is returned to the Healthcare Organization’s Administration. These steps strive to maintain the utmost security on the collected physical and mobile evidence to protect any personally identifiable health information from further compromise. V. CONCLUSIONS

illegally or information.

accidentally

penetrate

patient

healthcare

To determine the current practices in the healthcare profession, a survey was conducted to ascertain the prevalence of Mobile Forensics usage in the healthcare field, as well as the current standard procedures, and targeted healthcare professionals in the Indianapolis metropolitan area, including IT managers and professionals, physicians, nurses and other physician assistants, residents and medical students, health related researchers, and non-IT management. A pilot study was conducted in December 2007 of 27 area health care professionals regarding their security practices, and revealed that few had any Mobile Forensics training or utilized Mobile Forensics policies and procedures. VI. FUTURE WORK

A second study was conducted in May and June of 2008, with the intent that this be a full and statistically valid study. This study was modified so that respondents who were not IT personnel did not need to answer questions that were strictly IT in nature, and its scope was specifically hospitals, insurance companies, medical offices, and other healthcare professionals in Marion County, Indiana and the eight adjacent counties; Hamilton, Madison, Hancock, Shelby, Johnson, Morgan, Hendricks, and Boone. Although the second study was intended to be more thorough and revealing, there were in fact only eight respondents. To be statistically valid, the study required 300 respondents, with a target of 350 respondents as an added margin. As part of our future work we will modify and conduct another survey with the target of 350 respondents in mind. Experimentation involving uses of some Mobile Forensic hardware and software indicated that this adaptation is needed in the healthcare field. The overall objective is improving not only the reactive, but also the proactive, responses to cybercrime in the healthcare environment through new or modified policies and procedures. We feel that more experiments on the processes and procedures need to be conducted to validate the mobile healthcare forensics procedures and methodology. REFERENCES
[1] [2] [3] [4] [5] The Health Insurance Portability and Accountability Act of 1996 (HIPAA) http://www.hhs.gov/ocr/privacy/index.html Computer Forensics. http://www.us-cert.gov/reading_room/forensics.pdf Computerworld, “Mobile & Wireless. Wireless Leaders & Laggards: Health Care”, http://www.computerworld.com/mobiletopics/mobile/story/0,10801,101 711,00.html J. Myers, T. R. Frieden, K. M. Bherwani, and K. J. Henning, “Ethics in Public Health Research: Privacy and Public Health at Risk: Public Health Confidentiality in the Mobile Age”, Am J Public Health, May 1, 2008; 98(5): 793 - 801. United States Government Accountability Office, Domestic and Offshore Outsourcing of Personal Information in Medicare, Medicaid, and TRICARE”, GAO-06-676, September 6, 2006.

Forensic Science has been a part of the legal system since the days of the Roman Empire. Today it is an invaluable part of our legal system. From Forensic Science grew the need for Computer Forensic Science, followed by Mobile Forensic Science. All of these focus on the meticulous gathering of criminal evidence. Cybercrime has its roots in defrauding the telephone company of long-distance charges, but now encompasses everything from corporate espionage to insurance fraud to identity theft. In 2007, 8.4 million people were affected by identity theft. The importance of this project is that the protection of patient information should involve more than simply securing the information itself; the computer systems and networks that store and transmit the information should also be secure. It is the goal of this project that means be determined and established to improve the security of patient medical information through the adoption and use of Mobile Forensic policies and procedures. Much information exists on Mobile Forensics and the Health Insurance Portability and Accountability Act, but little exists on how to use these two in concert to catch those who

[6]

259

G. G. Richard III, V. Roussev, “Mobile Forensics Tools: The Next Generation”, invited chapter in Mobile Crime and Forensic Science in Cyberspace, IDEA Group Publishing, 2005. [8] Computerworld, “My health records? Let me check my cell”. Heather Havenstein February 01, 2007, http://www.computerworld.com/action/article.do?command=viewArticl eBasic&articleId=9010064&source=rss_news50 [9] Access Data Forensics Toolkit http://accessdata.com/forensictoolkit.html [10] Paraben Forensics Device Seizure http://www.parabenforensics.com/catalog/product_info.php?cPath=25&products_id=405 [11] NIST 800-66 Revision 1: An Instroductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. http://csrc.nist.gov/publications/nistpubs/80066-Rev1/SP-800-66-Revision1.pdf

[7]

[12] Bankrate.com, Medical Identity Theft Can Kill You, http://www.bankrate.com/brm/news/insurance/20070105_medical_ident ity_theft_a1.asp [13] Whitcomb, C. M., An Historical Perspective of Digital Evidence: A Forensic Scientist’s View. International Journal of Digital Evidence, Spring 2002 Volume 1, Issue 1, http://www.utica.edu/academic/institutes/ecii/publications/articles/9C4E 695B-0B78-1059-3432402909E27BB4.pdf [14] The Network Administrator.com, Most Popular Viruses and Hacking Tools, http://www.thenetworkadministrator.com/2003MostPopularHackingToo ls.htm

260

Similar Documents

Premium Essay

Network Security

...Network Security Clint Tipps September 21, 2014 ISSC340/ APUS Prof. Bryan Jensen Abstract This paper will cover several aspects of network security. Numerous different aspects of wired and wireless network security, including protocols applied to secure a network, penetration testing, digital forensics, and network hardening will be covered. There are numerous methods for providing security to a network, and even more to gain access to one. The challenge is to be one step ahead of anyone who may wish to penetrate the network. For this reason, many owners of large networks perform penetration testing in order to identify potential holes in their network. If malicious activity is detected, using digital forensics can help identify where the attack came from. This would, in turn, lead to a network engineer to harden the network against the identified threat. Network Security Over the last decade, computer systems have increased in speed and capacity while decreasing in price. Computers that where once used in corporate environments are now less powerful than a typical household computer. While this sea change occurred, network communications have grown and improved, to allow computers to communicate easily from remote locations, adding vast opportunities for illegal activities. Data can maliciously be changed or destroyed, systems can be made to malfunction and long distance charges can be avoided. One of the biggest challenges today is to control the security of......

Words: 3488 - Pages: 14

Premium Essay

Online Degree Paper

...Certificate Degrees Online Drexel University Online provides over 45 accredited online certificate programs in a variety of concentrations. Choose from Business Certificates, Nursing Certificates, Education Certificates and more. Regardless of where you are in your education, we have fully accredited, online certificates that can help you advance in your career. Whether you are looking for post-bachelor's certificates, post-master's certificates or trying to gain more knowledge in your area of expertise or employment, Drexel has the right certificate for you. * Business * Graduate Certificate in Construction Management * Graduate Certificate in Creativity and Innovation * Graduate Certificate in Engineering Management * Graduate Certificate in Gaming and Casino Operations * Graduate Certificate in Homeland Security Management * Graduate Certificate in Real Estate * Graduate Certificate in Sustainable Green Construction * Certificate in Creativity and Innovation * Certificate in Fundamentals of Property Management * Certificate in Retail Leadership * Clinical Research * Certificate of Study in Clinical Research * Quantitative Principles for Clinical Research Certificate * Education * Certificate in Mathematics Learning and Teaching * Graduate Certificate Applied Behavior Analysis * Graduate Certificate in Adult Education (SoTAPS UG) * Graduate Certificate in Advanced Teaching and Curriculum *......

Words: 961 - Pages: 4

Premium Essay

Improving Medical Information Security

...Application of Information Technology Keller Graduate School of Management Table of Contents Introduction/Definition Company Background Current Business Issues Proposed Solutions Recommendations Introduction The security of patient data has been, and continues to be, a major problem for the US in achieving its goals for an interoperable healthcare system. In the same way, information communication technologies will increasingly make security in organizations more complex. It is particularly evident in sectors that already lack adequate security regimes. One such sector is healthcare, where information security is not their core business and the understanding of its importance is often underestimated. Poor implementation of medical information security is affected by more than the acceptance of technology; it is closely linked to human factors, culture and communities of practice, all under pinned by trust. It also poses a problem because within the healthcare arena the entire nation is trying to standardize and move into Electronic Health Records (EHR), which is simply a shift from the original paper format of a patient’s medical history and record to a computerized, electronic standpoint. This situation necessitates research into how to contextualize implementation of information security within this environment. The application of a contextual implementation model is compared......

Words: 2245 - Pages: 9

Premium Essay

Dell and Information Technology

...Dell and Information Technology Dell is regarded worldwide as one of the largest and most popular computer companies in the business today, but they do much more than just make computers. Dell has exemplified the way e-business is conducted and has innovated many aspects of it to fit their own business model. Ranging from online computer sales to tailored corporate customer support, Dell has integrated several methods of e-business, which have given them a cutting edge against their competitors, especially at a rough time for the PC market. First let us look at Dell’s background a little bit. Dell is a technology company that not only sells computers, servers, and networking equipment, but IT services and consulting as well. Dell revolutionized computer sales by becoming the first company to sell products via phone and the internet instead of retail stores. While initially Dell blew away competition using this new approach, competitors have narrowed the gap. Dell currently employees over 103,000 people worldwide and is widely known for its supply chain and e-commerce strategies. Since its launch in 1996, Dell.com has been more than just a website, providing users with top level support, information, and purchasing abilities. Starting in 1996, Dell began to sell computers via their website, and in 1997 was the first company to record one million dollars in online sales. By 2000 Dell was pulling in $50 million a day in online sales. According to Dell, roughly half of the......

Words: 1700 - Pages: 7

Free Essay

The Risks of Doing Business in China

...The Risks of Doing Business in China Despite recent measures to curb corruption, foreign investors doing business in China must remain vigilant. Tuesday, June 04, 2013 , By Jim Barratt and Jimmy Ko China's economy is the second-largest in the world and continues to grow at an astonishing rate. Just recently, in fact, the Asian Development Bank forecasted that China's economy will grow by 8.2% this year. However, while economic growth brings business opportunities to all investors, continued widespread corruption in China has affected its government's legitimacy in maintaining prosperity in the region and can bring a multitude of risks to financial services companies that are doing business there. With China's recent transition to new leadership complete, it has been interesting to observe the ruling party's heightened focus on tackling corruption. Under China's new president, Xi Jinping, it has conducted a visible anti-corruption drive and imposed austerity measures in an effort to curb the display of wealth by government officials and generate goodwill among the Chinese population. While critics say that the recent measures target only the most conspicuous displays of wealth by government officials, the anti-corruption drive has already netted dozens of officials. Moreover, some perceive that the recent election of Wang Qishan as the new head of China's anti-graft body, the Central Commission for Discipline Inspection (CCDI), signals that the financial sector could...

Words: 3430 - Pages: 14

Premium Essay

Henderson Community Health Report

...gave the Clinic stocks in Avon Products as well as property which is the current site of our "Central" Program on SW 27th Avenue in Fort Lauderdale. The money from the sale of the stock enabled us to build the structure and purchase the furnishings. The Clinic was renamed Henderson Clinic of Broward County in 1961.” 4. What populations does the center serve today? Henderson serves “more than 20,000 people of all ages, including 5,000 youth under 18 years of age.” FIND SERVICES CRISIS 5. What is the goal of Crisis Services? “ To provide immediate intervention to people experiencing a psychiatric crisis. Early intervention in a time of need can prevent hospitalization and stabilize acute situations. Crisis Services include mobile community outreach or walk-in services, psychiatric evaluation, consultation and medication monitoring, brief therapy, and short-term inpatient psychiatric treatment and stabilization.” 6. What crisis servies are included? Walk-In Evaluation and Treatment Psychiatric/Diagnostic Evaluations Medication Management Crisis Counseling and Intervention Short-term Psychotherapy Co-Occurring Disorders Assessment Community Linkage and Referral Monitoring and Follow-up Evaluation and arrangement for inpatient...

Words: 2264 - Pages: 10

Premium Essay

Essentials of Management Information Systems

...Are We Ready for Cyberwarfare? BOSTON CELTICS SCORE BIG POINTS AGAINST SPYWARE While the Boston Celtics were fighting for a spot in the playoffs several years ago, another fierce battle was being waged by its information systems. Jay Wessel, the team’s vice president of technology, was trying to score points against computer spyware. Wessel and his IT staff manage about 100 laptops issued to coaches and scouts, and sales, marketing, and finance employees, and these machines were being overwhelmed by malware (malicious software). Like any sports franchise, the Celtics are on the road a great deal of time during the playing season. Coaches, recruiters, and other staff members are at away games 40 or more times each season, using their mobile laptop computers to review plays and update the status of players. They continually sign onto the Internet and...

Words: 21009 - Pages: 85

Free Essay

Sans Institute Infosec Reading Room

...Interested in learning more about security? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. Security Strengths and Weaknesses of Two Popular Web Servers As the mediator between your business and the world the Web Server that you choose must be completely sound in regards to security. You do have many options when choosing which Web Server package you will use to transmit your company's on-line presence to the rest of the world. There are two Web Server packages in particular that dominate the market for Web Servers. These two Web Server packages are Microsoft's Internet Information Server, and Apache. Copyright SANS Institute Author Retains Full Rights AD Brad Bell August 19, 2001 Security Strengths and Weaknesses of Two Popular Web Servers As the mediator between your business and the world the Web Server that you choose must be completely sound in regards to security. You do have many options when choosing which Web Server package you will use to transmit your company's on-line presence to the rest of the world. There are two Web Server packages in particular that dominate the market for Web Servers. These two Web Server packages are Microsoft's Internet Information Server, and Apache. What is a Web Server? Key definition andAF19 FA27 a web998D FDB5 DE3D F8B5 06E4 A169 4E46 static content to The fingerprint = purpose of 2F94 server is a software......

Words: 3755 - Pages: 16

Premium Essay

Nothing Yet

...Interested in learning more about security? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. Conducting a Penetration Test on an Organization This document is decided to give readers an outlook on how a penetration test can be successfully done on an organization. A methodology has been drawn out in this document to allow readers to be acquainted with the process that penetration testers go through to conduct a penetration test. Copyright SANS Institute Author Retains Full Rights AD Conducting a Penetration Test on an Organization TABLE OF CONTENTS PAGE Abstract 2 Bibliography ut ho Conclusion rr Limitation of Penetration Testing eta ins The Process and Methodology Planning and Preparation Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 Information Gathering and Analysis Vulnerability Detection Penetration Attempt Analysis and Reporting Cleaning Up fu ll r igh ts. What is a Penetration Test? 2 3 3 4 6 7 9 9 10 10 11 12 14 Appendix A: Netcraft (www.netcraft.com) results on www.sans.org Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 Chan Tuck Wai (twchan001) © SA Full name: Chan Tuck Wai GIAC userID: twchan001 Course: Security Essentials Version: First (Original Submission) Conference Location:......

Words: 5729 - Pages: 23

Premium Essay

Invesigate Science at Work

...Research We received a task which was to investigate science at work. This would vary from many different fields in science meaning that there are many different options which are available to us across the U.K. Due to this, we decided to narrow the search to local companies so that finding information from them was easier to attain due to them being easily accessible. So, to do narrow the companies to make it easier to find the companies and group them; 1. Firstly, before anything, sat with my peers and teachers and came up with different sectors of what companies would have aspects of sciences which are used and then we created the groups to specific aspects of sciences such as Health, Food, farming, education, manufacturing etc. We chose these types of sectors due to them being specific to a type of science which would split the companies due to the different uses of what the comp 2. .anies focus on. As we created the groups, we made sure that our groups were such of those that can be linked with each other. 3. After doing so, we then brainstormed on what the company types would fit under the categories we created. This was done on a mind map so that we could see the groups and what type of company or what the company specializes in would be visible to us after we had found the types of companies we were looking for, we could then find the companies that were close to us. We were looking for the companies that were near us due to them being easily accessible...

Words: 5024 - Pages: 21

Premium Essay

Damsel

...2014-2015 Undergraduate Academic Calendar and Course Catalogue Published June 2014 The information contained within this document was accurate at the time of publication indicated above and is subject to change. Please consult your faculty or the Registrar’s office if you require clarification regarding the contents of this document. Note: Program map information located in the faculty sections of this document are relevant to students beginning their studies in 2014-2015, students commencing their UOIT studies during a different academic year should consult their faculty to ensure they are following the correct program map. i Message from President Tim McTiernan I am delighted to welcome you to the University of Ontario Institute of Technology (UOIT), one of Canada’s most modern and dynamic university communities. We are a university that lives by three words: challenge, innovate and connect. You have chosen a university known for how it helps students meet the challenges of the future. We have created a leading-edge, technology-enriched learning environment. We have invested in state-of-the-art research and teaching facilities. We have developed industry-ready programs that align with the university’s visionary research portfolio. UOIT is known for its innovative approaches to learning. In many cases, our undergraduate and graduate students are working alongside their professors on research projects and gaining valuable hands-on learning, which we believe is......

Words: 195394 - Pages: 782

Free Essay

Guest Lecture

...M&IS 44045-001 INFORMATION SYSTEMS MANAGEMENT FALL 2013 TR 11:00 am - 12:15 pm Room 108 BSA INSTRUCTOR: | Dr. Catherine M. Bakes | OFFICE: | A-405 BSA | OFFICE HOURS: | Mon 2:15-4:45 pm, Wed 1:15-3:45 pm, and by appointment | OFFICE PHONE: | (330) 6721162 | E-MAIL: | cbakes@kent.edu | TEXT: | “Information Technology for Management: Advancing Sustainable, Profitable Business Growth,” 9th Edition, by Efraim Turban, Linda Volonino, & Gregory R. Wood, Wiley, 2013. ISBN: 9781118357040 (Softback) 9781118453247 (Binder ready)9781118547861 (E-text) | COURSE DESCRIPTION Information technology has changed how small to medium size businesses, large corporations, banks, government agencies, healthcare institutions, and other organizations operate and succeed in today’s global economy. Organizations can use IT to transform themselves, improve the efficiency and effectiveness of their operations, and achieve a tremendous competitive advantage. This course will examine the issues surrounding the design, application, and effective use of information systems. It will show how critical information systems have become for all organizations and take an in depth look at IT best practices. The course will have a real world orientation and focus on the role of IT in finding practical solutions to business problems. It will provide a comprehensive overview of IT applications, current trends, and cutting edge technologies, as well......

Words: 3702 - Pages: 15

Premium Essay

Laudon Ch5

...Management Information Systems MANAGING THE DIGITAL FIRM Kenneth C. Laudon New York University f Jane P. Laudon Azimuth Information Systems PEARSON feerttifie tall Pearson Education International Brief Contents Part One Chapter 1 Chapter 2 Chapter 3 Chapter 4 Part One Project Organizations, Management, and the Networked Enterprise 1 Information Systems in Global Business Today 2 Global E-Business: How Businesses Use Information Systems 38 Information Systems, Organizations, and Strategy 80 Ethical and Social Issues in Information Systems 124 Analyzing Business Processes for an Enterprise System 165 Part Two Chapter 5 Chapter 6 Chapter 7 Chapter 8 Part Two Project Information Technology Infrastructure 167 IT Infrastructure and Emerging Technologies 168 Foundations of Business Intelligence: Databases and Information Management 222 Telecommunications, the Internet, and Wireless Technology 260 Securing Information Systems 312 Creating a New Internet Business 351 Part Three Chapter 9 Chapter 10 Chapter 11 Chapter 12 Part Three Project Key System Applications for the Digital Age 353 Achieving Operational Excellence and Customer Intimacy: Enterprise Applications 354 E-Commerce: Digital Markets, Digital Goods 388 Managing Knowledge 428 Enhancing Decision Making 470 Designing an Enterprise Information Portal 508 Part Four Chapter 13 Chapter 14 Chapter 15 Part Four Project Building and Managing Systems 509 Building Systems 510 Project......

Words: 3508 - Pages: 15

Free Essay

Women Affair.Pdf

...WOMEN DEVELOPMENT AND NATIONAL POLICY ON WOMEN IN NIGERIA Olubunmi Aderemi Sokefun Abstract This paper discusses the document on women in Nigeria (National Policy on Women). Several past administrations in this country have treated women issues and affairs with calculated levity: Carefully side - tracking or blatantly refusing to accord it the necessary attention. It is now a thing to gladden the hearts of all women of Nigeria that, "after four attempts by four former heads of Nigeria's Government," Chief Obasanjo's administration finally granted government recognition to women's issues in this country. The official document .on Human Rights' issues as it relates to Nigerian women; this document is known as the NATIONAL POLICY ON WOMEN. This paper therefore focuses on the document which promises to bring delight to the heart of every woman in this country. Introduction When late Mrs. Olufunmilayo Ransome Kuti joined the vanguard team as the only nationalist and activist during the early struggle for Nigerian independence, hardly did .anybody realize then that she had a dream, a clear vision of a future Nigerian woman, that vision was crystal clear in her heart, and like a pivot, it stood firmly on three stand posts-known today as women's rights, women emancipation and women empowerment.. . Mrs. Olufunmilayo Ransome-Kuti later joined by some educated women of like minds, fought daringly and relentlessly for these three .pivotal goals of women emergency and relevance in the......

Words: 71889 - Pages: 288

Free Essay

Info Request on John Molson Sb

...RAM RAMESH Office: Residence: Department of Management Science & Systems 82 Prestonwood Lane School of Management, SUNY at Buffalo East Amherst, NY 14051 Buffalo, New York 14260 Ph: (716) 688-6360 Ph: (716) 645-3258 Fax: (716)645-6117 E-Mail: rramesh@acsu.buffalo.edu Web: http://mgt.buffalo.edu/faculty/academic/systems/faculty/rramesh Education Ph.D. Industrial Engineering (Operations Research) (1985) State University of New York at Buffalo (GPA: 4.0. Awarded Ph.D with Distinction) Advisors: Mark H. Karwan and Stanley Zionts M.Tech. Industrial Engineering (1977) Indian Institute of Technology, Madras B.Tech. Chemical Engineering (1975) Indian Institute of Technology, Madras Research Streams • • • • Economics of IT – MSP and Cloud Computing Markets Conceptual Modeling and Ontologies Database Systems and Distributed Computing Supply Chains & Decision Analysis Employment Professor Department of Management Science & Systems School of Management State University of New York at Buffalo (September 1998 - ) Associate Professor Department of Management Science & Systems State University of New York at Buffalo (September, 1990 – September 1998) Assistant Professor Department of Management Science & Systems State University of New York at Buffalo (September, 1984 - September, 1990) 1 Research and Teaching Assistant Doctoral Program in Operations Research Department of Industrial Engineering State University of New York at Buffalo (January, 1981 - September, 1984)......

Words: 7611 - Pages: 31