Sunday, March 7, 2010

Assistant/Associate Professor Position in Health IT and/or Security

The MDSC received the following post regarding an open faculty position in Health IT/security.

Computing and Information Sciences
Kansas State University
Assistant/Associate Professor Position in Health IT and/or Security
The department of Computing and Information Sciences at Kansas State University invites applications for a tenure track position beginning in Fall 2010 at the level of assistant or associate professor from candidates working in the areas of health information technology and/or security. For the area of health care, we seek candidates working on designing improved health care systems which ensure patient safety, preserve privacy of data, establish high-assurance information infrastructure, and provide automated decision support capabilities. Preference will be given to candidates who will compliment the existing areas of strengths of the department which include enterprise system security, medical data privacy, language-based security, high assurance systems, medical device plug-n-play interoperability, medical device integration frameworks, and health information management. Applicants must be committed to both teaching and research. Applicants should have a PhD degree in computer science or related discipline; salary will be commensurate with qualifications. Applications must include descriptions of teaching and research interests along with copies of representative publications.

Kansas State University is committed to the growth and excellence of the CIS department. The department offers a stimulating environment for research and teaching, and has several ongoing collaborative projects involving researchers in different areas of computer science as well as other engineering and science departments. The department has a faculty of nineteen, more than 100 graduate students, and 250 undergraduate students and offers BS, MS, MSE, and PhD degrees. Computing facilities include a large network of servers, workstations and PCs with more than 300 machines and a Beowulf cluster with 1000+ processors. The department building has a wireless network and state-of-the-art media-equipped classrooms. The department hosts several laboratories for embedded systems, software analysis, robotics, computational engineering and science, and data-mining. Details of the CIS Department can be found at the URL

Kansas State University is an Equal Opportunity Employer and actively seeks diversity among its employees. Paid for by Kansas State University. Background check required.

Thursday, March 4, 2010

Treatment and privacy: not a zero-sum game

Last week, an article in the New York Times' Health section quoted Dr. Cara Litvin on electronic medical record privacy:

Privacy concerns have been the main deterrent to “wiring” medical records. But Dr. Litvin notes that the information is password-protected, and that insurers and employers would not have access to a patient’s electronic medical record unless the patient authorized it. “The benefits to providing quality medical care way outweigh any privacy issues,” she said.

Statements like that are catnip to privacy researchers. Dr. Litvin deserves the benefit of the doubt with respect to her intentions, but the notion that high-quality care and privacy are opposed to each other -- as her statement suggests -- is worth some critical consideration.

It's easy to see things from a doctor's perspective. A doctor's mandate is to heal, and in life-and-death cases, ease of access to patient records can make a critical difference. Measures meant to provide privacy should not hinder treatment in such cases; a patient whose life is at stake would probably agree. A fundamental principle is that the person providing critical care should not be stymied by technological obstacles.

But let's consider cases that don't involve life-and-death urgency. These cases are the more interesting ones from a privacy perspective, and the guiding principle of privacy mechanism design here is more slippery. It's something like this: the person providing care should have access to the information that is relevant to her decisions; nobody else should have any more information than is absolutely necessary for administrative purposes. Privacy measures are meant to protect patients from electronic security breaches -- i.e., from the sorts of problems that arise when intruders harvest lots of records at once, or when a determined attacker obtains one or more specifically chosen records. If we don't do a good enough job implementing security and privacy, such breaches can result in the permanent, irrevocable exposure of information pertaining to people who do not want that information to be public. Patients deserve high-quality care and data privacy.

Electronic medical record breaches open the door to new kinds of discrimination. Imagine a healthy person losing a job opportunity because her family history suggests an elevated risk of a debilitating disease. Imagine embarrassing disclosures based on prescription drug
information. Imagine insurers -- let's assume for a moment that not every insurer is scrupulous -- basing payment decisions on information they are not legally allowed to see. Designing mechanisms to defend against such breaches is an area of active research whose heyday is approaching.

Wednesday, March 3, 2010

ORNL hiring in medical device security

We have received word that the Cyberspace Sciences and Information Intelligence Research Group (try saying that five times fast -- or just call it CSIIR) at Oak Ridge National Laboratory is hiring. From their projects page:

By 2030, there will be 171 million Americans with chronic conditions (18% jump from 2010). With a larger aging population (77% of Americans 65+ have two or more chronic conditions), companies are beginning to help patients remotely. However, as features are added to medical devices (e.g., remotely checking heart information), this creates possibilities for attack. MDS will help protect lives by protecting the medical devices on which these lives depend.