Office of Inspector General Finds Security Risks in National Institute of Health Data Sharing Processes & Controls

 

Opportunities Exist for the National Institutes of Health To Strengthen Controls in Place To Permit 

 

It seems that even the National Institute of Health could use some security training…   A recent report from the Office of the Inspector General has states:

We recommend that NIH work with an organization with expertise and knowledge in scientific data misuse. NIH could strengthen its controls by developing a security framework, conducting a risk assessment, and implementing additional appropriate security controls designed to safeguard sensitive data.

 

However, NIH disagreed with the overall assessment from the OIC.  Here is the report overview:

 

As part of the Department of Health and Human Services (HHS), the National Institutes of Health (NIH) is the largest public funder of biomedical research agency in the world, investing more than $30 billion in taxpayer dollars to achieve its mission. NIH's mission is to seek fundamental knowledge about the nature and behavior of living systems and the application of that knowledge to enhance health, lengthen life, and reduce illness and disability. OIG has identified risks related to the sharing of sensitive data.

Our objective was to assess whether NIH had adequate controls in place when permitting and monitoring access to NIH sensitive data.

We reviewed NIH's internal controls for monitoring and permitting access to sensitive data. To accomplish our objective, we used appropriate procedures from applicable Federal regulations and guidance. We reviewed NIH policies, procedures, and supporting documentation, and we interviewed NIH staff.

NIH should improve its controls when permitting access to sensitive NIH data. We provided a detailed restricted report to NIH, and we shared with NIH information about our preliminary findings before issuing our draft report to ensure that NIH could take prompt corrective actions.

We recommend that NIH work with an organization with expertise and knowledge in scientific data misuse. NIH could strengthen its controls by developing a security framework, conducting a risk assessment, and implementing additional appropriate security controls designed to safeguard sensitive data. We also recommend that NIH develop and implement mechanisms to ensure data security policies keep current with emerging threats. Lastly, we recommend that NIH make security awareness training and security plans a requirement.

NIH did not concur with our recommendations to develop a security framework, conduct a risk assessment, and implement additional controls for sensitive data. NIH concurred with our recommendations to ensure security policies keep current with emerging threats and to make training and security plans a requirement; however, NIH did not agree to the addition of controls to ensure training and security plan requirements have been fulfilled. NIH also stated that it recently established a working group to address and mitigate risk to intellectual property as well as to protect the integrity of the peer-review process.

We maintain that our findings and recommendations are valid. We recognize that NIH reported that it is already taking certain actions, such as the working group that was recently established, that may address our recommendations. We also provided NIH with other potential actions to address our findings and recommendations. If NIH determines that it does not need to strengthen its controls, it should document that determination consistent with applicable Federal regulations and guidance.

 

The official report available in a pdf file can be read or downloaded at this link.  

Centers for Disease Control - Use of Toothpaste and Toothbrushing Patterns Among Children and Adolescents — United States, 2013–2016

 

Fluoride can be a truly amazing thing for dental health.  When dosed properly and done so in accordance with the known and proven science, fluoride can save millions from the ravages of tooth decay.

 

However, it is important to use any medicament properly for it to provide the proper benefits.  To that end, the CDC recently published in the “Morbidity and Mortality Weekly Report” information on the proper use of fluoride and fluoride containing toothpastes.  Like any medication or actually *anything* that can be ingested by the human body, too much of a good thing can lead to serious problems.

 

This post is in no way to be construed to mean that fluoride is harmful.  Used properly, fluoride is one of the best things for optimal oral health.

 

The CDC cautions that instructions be followed to provide the best possible benefits from fluoride.

 

Here is the recently published article, but if you would like to view it on the CDC website, follow this link to read it.  

 

Fluoride use is one of the main factors responsible for the decline in prevalence and severity of dental caries and cavities (tooth decay) in the United States (1). Brushing children’s teeth is recommended when the first tooth erupts, as early as 6 months, and the first dental visit should occur no later than age 1 year (2–4). However, ingestion of too much fluoride while teeth are developing can result in visibly detectable changes in enamel structure such as discoloration and pitting (dental fluorosis) (1). Therefore, CDC recommends that children begin using fluoride toothpaste at age 2 years. Children aged <3 years should use a smear the size of a rice grain, and children aged >3 years should use no more than a pea-sized amount (0.25 g) until age 6 years, by which time the swallowing reflex has developed sufficiently to prevent inadvertent ingestion. Questions on toothbrushing practices and toothpaste use among children and adolescents were included in the questionnaire component of the National Health and Nutrition Examination Survey (NHANES) for the first time beginning in the 2013–2014 cycle. This study estimates patterns of toothbrushing and toothpaste use among children and adolescents by analyzing parents’ or caregivers’ responses to questions about when the child started to brush teeth, age the child started to use toothpaste, frequency of toothbrushing each day, and amount of toothpaste currently used or used at time of survey. Analysis of 2013–2016 data found that >38% of children aged 3–6 years used more toothpaste than that recommended by CDC and other professional organizations. In addition, nearly 80% of children aged 3–15 years started brushing later than recommended. Parents and caregivers can play a role in ensuring that children are brushing often enough and using the recommended amount of toothpaste.

NHANES is a multistage probability sample of the noninstitutionalized U.S. population; data are obtained from assessments made using interview questionnaires and clinical examinations (5). This analysis was limited to children and adolescents aged 3–15 years whose parent or caregiver completed the following open-ended questions: “At what age did study participant (SP) start brushing (his/her) teeth?” and “At what age did (SP) start using toothpaste?” The responses were coded into the following four categories: <1 year, 1 year, 2 years, and ≥3 years. Response to the question “How many times (do you/does SP) brush (his/her) teeth in one day?” was recoded into the following three categories: 1 time, 2 times, and 3–6 times. To estimate the amount of toothpaste used, parents were asked, “On average, how much toothpaste (do you/does SP) use when brushing (his/her) teeth?” Responses, based on the amount of toothpaste on the toothbrush, were categorized as smear, pea size, half load, and full load. All analyses were performed using statistical software that accounted for the complex sample design of NHANES. All estimates were obtained using the interview sample weights. Chi-squared tests were used to assess the association between toothbrushing and toothpaste use behaviors and sociodemographic characteristics, and a p-value <0.05 was considered to be statistically significant (5).

A total of 5,157 children and adolescents aged 3–15 years were included in this analysis (Table 1). Approximately half (51%) were non-Hispanic white (white), 14.4% were non-Hispanic black (black), and 15.9% were Mexican-American. More than half (52.8%) were from households earning ≥200% of the federal poverty level, and more than two thirds (69.1%) of heads of households had completed more than a high school education. Overall, 20.1%, 38.8%, 26.6%, and 14.5% of children and adolescents were reported to have started brushing their teeth at age <1 year, 1 year, 2 years, and ≥3 years, respectively (Table 2). Approximately 60% of white and black children were reported to have started toothbrushing at age ≤1 year, including 22.9% and 18.6%, respectively, at age <1 year, and 40.8% and 40.0%, respectively, at age 1 year. Among Mexican-American children, nearly half (49.3%) were reported to have started toothbrushing at age ≤1 year, including 15.4% at age <1 year and 33.9% at age 1 year. More than one fifth (22.6%) of Mexican-American children were reported to have initiated toothbrushing at age ≥3 years, compared with 11.4% of white children and 13.9% of black children. Among children living with a head of household with less than a high school education, 44.5% were reported to start tooth-brushing at age ≤1 year compared with 63.2% of those living with a head of household with higher than a high school education. Overall, 60.5% of children aged 3–15 years were reported to brush their teeth twice a day.

Initiation of toothpaste use at age <1 year, 1 year, 2 years, and ≥3 years was reported for 9.0%, 35.2%, 32.7%, and 23.1% of children, respectively. Overall, 8.9%, 10.8%, and 7.7% of white, black, and Mexican-American children, respectively, were reported to have started to use toothpaste at age <1 year, whereas 21.4%, 17.3%, and 31.2% of white, black, and Mexican-American children, respectively, were reported to have started at age ≥3 years. Among children living with a head of household with less than a high school education, nearly 6% were reported to have commenced using toothpaste at age <1 year, compared with 10.6% whose head of household had a high school diploma and 9.3% whose head of household had more than high school education (Table 3).

Approximately 60% of children and adolescents aged 3–15 years reported using a half load (28.7%) or full load (31.4%) of toothpaste when brushing. Among children aged 3–6 years, the reported amount of toothpaste varied: 12.4% used a smear, 49.2% used a pea-sized amount, 20.6% used a half load, and 17.8% used a full load (Table 3).
 
Discussion
CDC recommends that all persons drink optimally fluoridated water (0.7 mg/L) and if aged ≥2 years, brush their teeth twice daily with a fluoride toothpaste to reduce the risk for dental caries (1). CDC also advises parents to consult with their child’s dentist or physician before introducing fluoride toothpaste to children aged <2 years (6). The American Academy of Pediatrics (AAP), American Academy of Pediatric Dentistry (AAPD), and American Dental Association (ADA) recommend fluoride toothpaste for all children and limit the amount of toothpaste used by children aged <3 years to a “smear” the size of a grain of rice (2–4). In this study, >38% of children aged 3–6 years reportedly used a half or full load of toothpaste, exceeding current recommendation for no more than a pea-sized amount (0.25 g) and potentially exceeding recommended daily fluoride ingestion (1,6). In addition, some children, particularly Mexican-Americans, were reported to have started brushing their teeth and using toothpaste at age ≥3 years, which is later than is recommended. Similarly, some children living in a low-income household or one in which the head of household had less than a high school education were reported to start toothbrushing at age ≥3 years. Recommendations aim to balance the benefits of fluoride exposure for prevention of dental caries with the potential risk for fluorosis when excessive amounts of fluoride toothpaste are swallowed by young children. The findings from this study highlight the importance of recommendations that parents supervise young children during brushing and monitor fluoride ingestion (7–10).

Recently, CDC and AAP have begun collaborative work to develop messages targeted at pregnant women and new mothers regarding recommended toothbrushing practices. CDC, AAP, AAPD, and ADA recommend that children aged 3–6 years brush their teeth twice daily using a pea-sized amount of fluoride toothpaste. Supervision is emphasized as a critical role for the parent or caregiver as the child first begins using a toothbrush and toothpaste.

The findings in this report are subject to at least three limitations. First, the measures used are based on parents’ self-report, so reporting bias is possible. Second, the question about the amount of toothpaste used focuses on the amount currently used and therefore might overestimate the amount that was used at younger ages. Finally, the type of toothpaste (fluoride versus nonfluoride) was not specified. Use of these self-report questions is part of the CDC Division of Oral Health’s surveillance plan to improve and monitor fluoride exposure. For future surveillance efforts, it would be ideal to know the amount of toothpaste used when the child first started to use toothpaste and to ensure that the parent or caregiver understands the distinction between the amounts of toothpaste recommended for children and adolescents by using visual aids.

The findings suggest that children and adolescents are engaging in appropriate daily preventive dental health practices; however, implementation of recommendations is not optimal. Careful supervision of fluoride intake improves the preventive benefit of fluoride, while reducing the chance that young children might ingest too much fluoride during critical times of enamel formation of the secondary teeth. Health care professionals and their organizations have an opportunity to educate parents and caregivers about recommended toothbrushing practices to ensure that children are getting the maximum preventive effect by using the recommended amount of fluoride toothpaste under parental supervision.
 Top
Corresponding author: Gina Thornton-Evans, gdt4@cdc.gov, 770-488-5503.

 

New Sonic Toothbrush Evaluation - Brüush is a Definite Winner

The past few days I’ve been experimenting with a new sonic toothbrush.  This new device, affectionately named Brüush (note the umlaut) has been in my hands for enough time for a clinical evaluation and I’ve got to tell you that I am impressed with it.

In fact, one might say that I have a crüush on the Brüush (sorry, now that I’ve got an excuse to use an umlaut, it’s hard to control myself).  But seriously, let me tell you why I think this brush bears serious consideration by consumers.

It features the following:

• Sonic technology with over 30,000 vibrations per minute
• Rechargeable battery that lasts up to 4 weeks
• Multiple cleaning modes
• Subscription brush head delivery
• 90-day risk free trial

There are a lot of things to like here.

First is the sonic energy that the device uses.  Currently in the powered toothbrush world there are 2 types of devices.  The first is the oscillator type where the brush head is round and the brush oscillates in a partial turn clockwise then a partial turn counterclockwise motion.  This “back and forth” motion of the bristles causes them to function in a manner very similar to a manual toothbrush.  The brush is actually gear driven and is pretty hard to stop.

The second type is the sonic type.  These devices (of which Brüush is one) use a reversing polarity to cause the brush head and bristles to vibrate.  This vibration causes the bristles to move in a wave type motion several times a second and it is this motion that cleans the teeth.  Unlike the oscillating model, too much pressure on the sonic type causes the bristles to decrease or stop their vibration, thus lessening the chances of abrasion from the bristels.  The sonic energy provides a smooth efficient cleaning motion.

If you are curious how these brushes look in slow motion, here is a video:

As a personal preference, I happen to prefer sonic toothbrushes.  I feel they are easy to use due to their shape and are less damaging to delicate oral tissues.

Brüush features sonic energy of 30,000 vibrations per minute as well as a 4 week per charge battery.  The device feels incredibly good in the hand, which is something that is hard to describe here, but definitely should not be discounted by consumers.  It has a nice size handle & fits well into my palm.  Some brushes have a slick finish that makes them easy to drop, but Brüush is comfortable and not slick.

The device also has the best brush head attachment (and brush head in total) of any sonic toothbrush I have tried.  They “click” onto the handle and are very sturdy which makes them incredibly easy to use.  The power button is flush with the handle which prevents accidentally changing modes mid-brushing.

The device is also *very* affordable.  A great brush doesn’t do anyone any good if it is too expensive to own.  The kit comes with 3 brush heads, the handle, charger, and travel case all for $69 and free shipping.  I feel the value here is incredible.

The company sells brush heads on a subscription model where every 6 months you are shipped 3 new brush heads for $18 (making the price of each brush head an amazing $6!)  There is no need to keep using a frazzled and poorly functioning brush head when you can swap them out economically every 2 months.

One other thing that sets this company apart is its social mission.  The company has partnered with “A Reason To Smile” (ARTS) and donates a toothbrush, toothpaste, and fluoride treatment to a person in need for every brush head refill they sell.  That means using  Brüush isn’t only good for your teeth, it is also good for the teeth of someone who desperately needs your help!

I’m very impressed with both the product and the social conscience of this company.  While Brüush isn’t a company you’ve heard of now, I feel it will be a company you’ll know about in the future.  A great product combined with concern for their fellow man gets Brüush my highest recommendation.  Trust me when I say, you need to check these brushes out!!!

HHS Proposes New Rules to Improve the Interoperability of Electronic Health Information

 

Here is some really interesting information from the Department of Health and Human Services.  I remember back in 2006, during the George Bush 43 presidency, the word came down through HHS that the federal government was concerned about the amount of GNP that was predicted to be dedicated to the healthcare sector.  If memory serves me correctly, they were concerned that by 2020 healthcare would consume over 20% of US GNP.

 

To help control costs, the federal government was moving healthcare toward greater efficiency through the use of the EMR (Electronic Medical Record).  For those in healthcare that are digital, we can attest to how efficient these systems are.  However, interconnectedness of these systems has not always been smooth.  Now the Department of Health and Human Services is proposing new rules to help with the interoperability of these software programs and databases.

 

Here is the announcement directly from the HHS website:

 

New innovations in technology promote patient access and could make no-cost health data exchange a reality for millions
The U.S. Department of Health and Human Services (HHS) today proposed new rules to support seamless and secure access, exchange, and use of electronic health information. The rules, issued by the Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health Information Technology (ONC), would increase choice and competition while fostering innovation that promotes patient access to and control over their health information. The proposed ONC rule would require that patient electronic access to this electronic health information (EHI) be made available at no cost.

“These proposed rules strive to bring the nation’s healthcare system one step closer to a point where patients and clinicians have the access they need to all of a patient’s health information, helping them in making better choices about care and treatment,” said HHS Secretary Alex Azar. “By outlining specific requirements about electronic health information, we will be able to help patients, their caregivers, and providers securely access and share health information. These steps forward for health IT are essential to building a healthcare system that pays for value rather than procedures, especially through empowering patients as consumers.”

CMS’ proposed changes to the healthcare delivery system support the MyHealthEData initiative and would increase the seamless flow of health information, reduce burden on patients and providers, and foster innovation by unleashing data for researchers and innovators. In 2018, CMS finalized regulations that use potential payment reductions for hospitals and clinicians to encourage providers to improve patient access to their electronic health information. For the first time, CMS is now proposing requirements that Medicaid, the Children’s Health Insurance Program, Medicare Advantage plans and Qualified Health Plans in the Federally-facilitated Exchanges must provide enrollees with immediate electronic access to medical claims and other health information electronically by 2020.

In support of patient-centered healthcare, CMS would also require these health care providers and plans to implement open data sharing technologies to support transitions of care as patients move between these plan types. By ensuring patients have easy access to their information, and that information follows them on their healthcare journey, we can reduce burden, and eliminate redundant procedures and testing thus giving clinicians the time to focus on improving care coordination and, ultimately, health outcomes.

“Today’s announcement builds on CMS’ efforts to create a more interoperable healthcare system, which improves patient access, seamless data exchange, and enhanced care coordination,” said CMS Administrator Seema Verma.  “By requiring health insurers to share their information in an accessible, format by 2020, 125 million patients will have access to their health claims information electronically. This unprecedented step toward a healthcare future where patients are able to obtain and share their health data, securely and privately, with just a few clicks, is just the beginning of a digital data revolution that truly empowers American patients.”

The CMS rule also proposes to publicly report providers or hospitals that participate in “information blocking,” practices that unreasonably limit the availability, disclosure, and use of electronic health information undermine efforts to improve interoperability.  Making this information publicly available may incentivize providers and clinicians to refrain from such practices.

ONC’s proposed rule promotes secure and more immediate access to health information for patients and their healthcare providers and new tools allowing for more choice in care and treatment. Specifically, the proposed rule calls on the healthcare industry to adopt standardized application programming interfaces (APIs), which will help allow individuals to securely and easily access structured and unstructured EHI formats using smartphones and other mobile devices. It also implements the information blocking provisions of the 21st Century Cures Act, including identifying reasonable and necessary activities that do not constitute information blocking. The proposed rule helps ensure that patients can electronically access their electronic health information at no cost. The proposed rule also asks for comments on pricing information that could be included as part of their EHI and would help the public see the prices they are paying for their healthcare.

“By supporting secure access of electronic health information and strongly discouraging information blocking, the proposed rule supports the bi-partisan 21st Century Cures Act. The rule would support patients accessing and sharing their electronic health information, while giving them the tools to shop for and coordinate their own health care,” said Don Rucker, M.D., National Coordinator for Health IT. “We encourage everyone – patients, patient advocates, healthcare providers, health IT developers, health information networks, application innovators, and anyone else interested in the interoperability and transparency of health information – to share their comments on the proposed rule we posted today.”

Policies in the proposed CMS and ONC rules align to advance interoperability in several important ways. CMS proposes that entities must conform to the same advanced API standards as those proposed for certified health IT in the ONC proposed rule, as well as including an aligned set of content and vocabulary standards for clinical data classes through the United States Core Data for Interoperability standard (USCDI). Together, these proposed rules address both technical and healthcare industry factors that create barriers to the interoperability of health information and limit a patient’s ability to access essential health information. Aligning these requirements for payers, health care providers, and health IT developers will help to drive an interoperable health IT infrastructure across systems, ensuring providers and patients have access to health data when and where it is needed.

For a fact sheet on the CMS proposed rule (CMS-9115-P), please visit: https://www.cms.gov/newsroom/fact-sheets/cms-advances-interoperability-patient-access-health-data-through-new-proposals

For fact sheets on the ONC proposed rule, please visit: https://healthit.gov/nprm

To receive more information about CMS’s interoperability efforts, sign-up for listserv notifications, here: https://public.govdelivery.com/accounts/USCMS/subscriber/new?topic_id=USCMS_12443

To view the CMS proposed rule (CMS-9115-P), please visit: https://www.cms.gov/Center/Special-Topic/Interoperability-Center.html

CDC Claims Children in US are Using Too Much Toothpaste

 

A recent report from the Center For Disease Control states that nearly 40% of kids aged three to six are using more toothpaste than dental professionals recommend.

 

This information was released in CDC’s weekly Morbidity and Mortality Weekly Report (MMWR).

 

Here is the CDC information direct from the CDC website:

 

Fluoride use is one of the main factors responsible for the decline in prevalence and severity of dental caries and cavities (tooth decay) in the United States (1). Brushing children’s teeth is recommended when the first tooth erupts, as early as 6 months, and the first dental visit should occur no later than age 1 year (2–4). However, ingestion of too much fluoride while teeth are developing can result in visibly detectable changes in enamel structure such as discoloration and pitting (dental fluorosis) (1). Therefore, CDC recommends that children begin using fluoride toothpaste at age 2 years. Children aged <3 years should use a smear the size of a rice grain, and children aged >3 years should use no more than a pea-sized amount (0.25 g) until age 6 years, by which time the swallowing reflex has developed sufficiently to prevent inadvertent ingestion. Questions on toothbrushing practices and toothpaste use among children and adolescents were included in the questionnaire component of the National Health and Nutrition Examination Survey (NHANES) for the first time beginning in the 2013–2014 cycle. This study estimates patterns of toothbrushing and toothpaste use among children and adolescents by analyzing parents’ or caregivers’ responses to questions about when the child started to brush teeth, age the child started to use toothpaste, frequency of toothbrushing each day, and amount of toothpaste currently used or used at time of survey. Analysis of 2013–2016 data found that >38% of children aged 3–6 years used more toothpaste than that recommended by CDC and other professional organizations. In addition, nearly 80% of children aged 3–15 years started brushing later than recommended. Parents and caregivers can play a role in ensuring that children are brushing often enough and using the recommended amount of toothpaste.

NHANES is a multistage probability sample of the noninstitutionalized U.S. population; data are obtained from assessments made using interview questionnaires and clinical examinations (5). This analysis was limited to children and adolescents aged 3–15 years whose parent or caregiver completed the following open-ended questions: “At what age did study participant (SP) start brushing (his/her) teeth?” and “At what age did (SP) start using toothpaste?” The responses were coded into the following four categories: <1 year, 1 year, 2 years, and ≥3 years. Response to the question “How many times (do you/does SP) brush (his/her) teeth in one day?” was recoded into the following three categories: 1 time, 2 times, and 3–6 times. To estimate the amount of toothpaste used, parents were asked, “On average, how much toothpaste (do you/does SP) use when brushing (his/her) teeth?” Responses, based on the amount of toothpaste on the toothbrush, were categorized as smear, pea size, half load, and full load. All analyses were performed using statistical software that accounted for the complex sample design of NHANES. All estimates were obtained using the interview sample weights. Chi-squared tests were used to assess the association between toothbrushing and toothpaste use behaviors and sociodemographic characteristics, and a p-value <0.05 was considered to be statistically significant (5).

A total of 5,157 children and adolescents aged 3–15 years were included in this analysis (Table 1). Approximately half (51%) were non-Hispanic white (white), 14.4% were non-Hispanic black (black), and 15.9% were Mexican-American. More than half (52.8%) were from households earning ≥200% of the federal poverty level, and more than two thirds (69.1%) of heads of households had completed more than a high school education. Overall, 20.1%, 38.8%, 26.6%, and 14.5% of children and adolescents were reported to have started brushing their teeth at age <1 year, 1 year, 2 years, and ≥3 years, respectively (Table 2). Approximately 60% of white and black children were reported to have started toothbrushing at age ≤1 year, including 22.9% and 18.6%, respectively, at age <1 year, and 40.8% and 40.0%, respectively, at age 1 year. Among Mexican-American children, nearly half (49.3%) were reported to have started toothbrushing at age ≤1 year, including 15.4% at age <1 year and 33.9% at age 1 year. More than one fifth (22.6%) of Mexican-American children were reported to have initiated toothbrushing at age ≥3 years, compared with 11.4% of white children and 13.9% of black children. Among children living with a head of household with less than a high school education, 44.5% were reported to start tooth-brushing at age ≤1 year compared with 63.2% of those living with a head of household with higher than a high school education. Overall, 60.5% of children aged 3–15 years were reported to brush their teeth twice a day.

Initiation of toothpaste use at age <1 year, 1 year, 2 years, and ≥3 years was reported for 9.0%, 35.2%, 32.7%, and 23.1% of children, respectively. Overall, 8.9%, 10.8%, and 7.7% of white, black, and Mexican-American children, respectively, were reported to have started to use toothpaste at age <1 year, whereas 21.4%, 17.3%, and 31.2% of white, black, and Mexican-American children, respectively, were reported to have started at age ≥3 years. Among children living with a head of household with less than a high school education, nearly 6% were reported to have commenced using toothpaste at age <1 year, compared with 10.6% whose head of household had a high school diploma and 9.3% whose head of household had more than high school education (Table 3).

Approximately 60% of children and adolescents aged 3–15 years reported using a half load (28.7%) or full load (31.4%) of toothpaste when brushing. Among children aged 3–6 years, the reported amount of toothpaste varied: 12.4% used a smear, 49.2% used a pea-sized amount, 20.6% used a half load, and 17.8% used a full load (Table 3).
 
Discussion
CDC recommends that all persons drink optimally fluoridated water (0.7 mg/L) and if aged ≥2 years, brush their teeth twice daily with a fluoride toothpaste to reduce the risk for dental caries (1). CDC also advises parents to consult with their child’s dentist or physician before introducing fluoride toothpaste to children aged <2 years (6). The American Academy of Pediatrics (AAP), American Academy of Pediatric Dentistry (AAPD), and American Dental Association (ADA) recommend fluoride toothpaste for all children and limit the amount of toothpaste used by children aged <3 years to a “smear” the size of a grain of rice (2–4). In this study, >38% of children aged 3–6 years reportedly used a half or full load of toothpaste, exceeding current recommendation for no more than a pea-sized amount (0.25 g) and potentially exceeding recommended daily fluoride ingestion (1,6). In addition, some children, particularly Mexican-Americans, were reported to have started brushing their teeth and using toothpaste at age ≥3 years, which is later than is recommended. Similarly, some children living in a low-income household or one in which the head of household had less than a high school education were reported to start toothbrushing at age ≥3 years. Recommendations aim to balance the benefits of fluoride exposure for prevention of dental caries with the potential risk for fluorosis when excessive amounts of fluoride toothpaste are swallowed by young children. The findings from this study highlight the importance of recommendations that parents supervise young children during brushing and monitor fluoride ingestion (7–10).

Recently, CDC and AAP have begun collaborative work to develop messages targeted at pregnant women and new mothers regarding recommended toothbrushing practices. CDC, AAP, AAPD, and ADA recommend that children aged 3–6 years brush their teeth twice daily using a pea-sized amount of fluoride toothpaste. Supervision is emphasized as a critical role for the parent or caregiver as the child first begins using a toothbrush and toothpaste.

The findings in this report are subject to at least three limitations. First, the measures used are based on parents’ self-report, so reporting bias is possible. Second, the question about the amount of toothpaste used focuses on the amount currently used and therefore might overestimate the amount that was used at younger ages. Finally, the type of toothpaste (fluoride versus nonfluoride) was not specified. Use of these self-report questions is part of the CDC Division of Oral Health’s surveillance plan to improve and monitor fluoride exposure. For future surveillance efforts, it would be ideal to know the amount of toothpaste used when the child first started to use toothpaste and to ensure that the parent or caregiver understands the distinction between the amounts of toothpaste recommended for children and adolescents by using visual aids.

The findings suggest that children and adolescents are engaging in appropriate daily preventive dental health practices; however, implementation of recommendations is not optimal. Careful supervision of fluoride intake improves the preventive benefit of fluoride, while reducing the chance that young children might ingest too much fluoride during critical times of enamel formation of the secondary teeth. Health care professionals and their organizations have an opportunity to educate parents and caregivers about recommended toothbrushing practices to ensure that children are getting the maximum preventive effect by using the recommended amount of fluoride toothpaste under parental supervision.
 
Corresponding author: Gina Thornton-Evans, gdt4@cdc.gov, 770-488-5503.

What Happens on Your iPhone Stays on Your iPhone... Sort Of

 

With the recent discovery of a few apps in the Apple Store that were sending your data out to remote servers, Apple has become more than a little concerned about the privacy of its users.  For years Apple has made a point of letting users know they support privacy and have been pretty staunch defenders of that.  They have refused to yield to the FBI demands to unlock phones and other powers that be have tried to force them to build in backdoors so that access can be easily gained even if the user forbade it.  Every step of that journey, Apple has fought for the user and I appreciate that.  I have a suspicion that Thomas Jefferson would have felt the same way.

 

However, in the last month or 2 there have been some things that have come to light about Apple approved apps that are stealing your data and habits and then sending them along to servers without your knowledge or permission.

 

The latest news comes due to an investigation by one of my favorite sites TechCrunch.  Now personally I don’t mind if people know what I’m doing as long as I give them permission first.  What really frosts me though is when they just start monitoring me like the kid that used to sit behind me in Psychology 101 and copy my test answers without my permission.  That is the point where I get seriously ticked off.  

 

So I was pretty happy when TechCrunch investigated and reported that major companies, like Expedia, Hollister and Hotels.com, were using a third-party analytics tool to record every tap and swipe inside their apps.  TechCrunch also discovered that none of the apps tested asked the user for permission, and none of the companies said in their privacy policies that they were recording a user’s app activity.  AND while the right thing to do would at least be to encrypt the data they were stealing, some things like passport numbers and credit card numbers were leaking.  Heck, no big deal it’s ONLY your passport and your credit cards.

 

Apple was not happy about this.  In fact  they expressly forbid this type of behavior.  In order to collect user data, Apple requires that a user be notified and agree with the collection practices.  Apple then sent an email to the companies stating:

“Your app uses analytics software to collect and send user or device data to a third party without the user’s consent. Apps must request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity,” Apple said in the email.

So the good news is that this situation appears to be on the path to being rectified.  Of course the bad news is that it had to be rectified in the first place.

 

I’d like to thank TechCrunch for their research and reporting on this.  By bringing the system into the world of Apple and its users, they directly impacted getting this situation fixed.

 

I’d also like to issue a big “Mahalo” to Patrick Wardle.  He is the Chief Researcher Officer and Founder at Digita Security.  Patrick is one of the security professionals who discovered that the app Adware Doctor was stealing users browser history and sending it to a hidden server in China.  This discovery in September 2018 helped trigger this entire examination of app security in the Apple App Store.  He deserves a lot of kudos.  It goes to show that one man with a mission can impact the security of millions and I for one am grateful.

 

 

 

 

 

 

Cottage Health Settles with OCR for $3 Million Penalty Over 2 Data Breaches

 

A Health Care group called Cottage Health has agreed to a settlement with the federal government over 2 separate data breaches.  Interestingly the $3 million fine is due to TWO separate data breaches.  One occurred in 2013 and the other in 2015.  Combined, these 2 breaches exposed the PHI (Protected Health Information) of 62,500 patients.

 

The first incident was, unfortunately, almost comical.  A server was misconfigured during security setup  which gave access to anyone without the use of a username or password.  The exposed data consisted of names, addresses, dates of birth, diagnoses, lab results, and other treatment information of more than 32,000 patients.  Yikes!

 

The second occurred when a server needed service and the IT personnel misconfigured the unit during the incident repair.  The resulting security hole left patient names, addresses, dates of birth, Social Security numbers, diagnoses, medical conditions, and other treatment details exposed over the Internet.

 

In addition to these problems Cottage Health also failed to obtain a BAA (Business Associate Agreement) with a contractor that maintained PHI for the company.

 

For those of you who are unfamiliar with the term BAA or are just a little fuzzy on the whole concept, here is some info on Business Associates directly from the Department of Health and Human Services (HHS):

By law, the HIPAA Privacy Rule applies only to covered entities – health plans, health care clearinghouses, and certain health care providers. However, most health care providers and health plans do not carry out all of their health care activities and functions by themselves. Instead, they often use the services of a variety of other persons or businesses. The Privacy Rule allows covered providers and health plans to disclose protected health information to these “business associates” if the providers or plans obtain satisfactory assurances that the business associate will use the information only for the purposes for which it was engaged by the covered entity, will safeguard the information from misuse, and will help the covered entity comply with some of the covered entity’s duties under the Privacy Rule. Covered entities may disclose protected health information to an entity in its role as a business associate only to help the covered entity carry out its health care functions – not for the business associate’s independent use or purposes, except as needed for the proper management and administration of the business associate.  

 

The OCR then began an investigation into the “why’s and how’s” of these breaches.

 

Compounding the IT mistakes listed above was what the Office of Civil Rights referred to as failing to implement security measures "sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level."

 

This lead the OCR to also require Cottage Health to abide by a corrective action plan.

 

I’m posting this info to help colleagues understand the importance of data security and to be proactive in protecting PHI.  I’ll end this post with a quote from the Director of OCR.

 

“Our record year underscores the need for covered entities to be proactive about data security if they want to avoid being on the wrong end of an enforcement action,” OCR Director Roger Severino, said in a statement. “Information security is a dynamic process and the risks to ePHI may arise before, during, and after implementation covered entity makes system changes.”