Activation of Delivery Points and Facility Enrollment

Activation of Delivery Points and Facility Enrollment
Slide Note
Embed
Share

The activation of delivery points and facilities enrollment for Chaka Female Hospital, Paw Ki Devi, and other health institutions in the region. Detailed case studies and strategies for improving maternal healthcare services are discussed, along with the involvement of various healthcare professionals and task forces

  • Healthcare
  • Maternal Care
  • Facility Enrollment
  • Delivery Points
  • Case Studies
constant_t
constant_t Follow

Uploaded on Mar 04, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Dittman Richard Warner, Professor, Chicago-Kent College of Law

  2. Security: Big Picture Law CS Experience and theory Facts of the case Threats Reasonable security Best practices Policies Cases are examples of what NOT to do Implementation Best practices

  3. Our Problem For Now: What Is Reasonable Security? When the CEO asks the lawyer, what should I do about network security, what does the lawyer say? We gave one answer last time.

  4. The Risk Management Answer Defenders should adequately approximate this risk management goal: Choose defensive measures to minimize the following sum: the cost of the defensive measures, and all the expected losses with those defensive measures.

  5. We Need More of an Answer Law CS Experience and theory Facts of the case Threats Reasonable security Best practices Policies Cases are examples of what NOT to do Implementation Best practices Suppose the CEO asks, Do we do that already? How do we tell when a particular network configuration meets our abstract risk management goal?

  6. United Center Analogy: Enough Locks, Guards, and Training?

  7. The Argument in Kline (1) The tenants cannot adequately defend themselves. (2) The landlord can adequately defend them. (3) The losses are predictable and calculable. Kline: The landlord best equipped to guard against the predictablerisk of intruders. And: not just predictable. The expected losses are calculable. So the landlord knows how much to spend on security. (4) Therefore, the tenants should not bear the losses.

  8. The Kline Argument for Dittman (1) The employees cannot adequately defend data about them held by their employer. (2) The employer can adequately defend the data. (3) The losses are predictable and calculable. (4) Therefore, employer not the employees should bear the losses.

  9. Just Collecting and Storing? Someone who performs an affirmative act has a duty to others to exercise reasonable care to protect them against an unreasonable risk of harm to them arising out of the act. See the Restatement (Second) of Torts), Section 302 cmt. a. What was the affirmative conduct in Dittman? The Court describes it as collecting and storing Employees' data on its computer systems (p.___). Is this consistent with Kline?

  10. Consistent With Kline? Kline bases the landlord s duty of reasonable care in part on the fact that the landlord was in the best position to prevent crime in the common areas. Think of the stored data as analogous to the tenants in Kline. What in Dittman is analogous to the common areas in Kline? Is UMPC in the best position to prevent criminal data breaches in those common areas ?

  11. What does Dittman tell you about the required level of care? Suppose you want to know how fast you can reasonably drive on an icy road, and someone tells you correctly that it would be unreasonable to drive at 100 miles an hour. That does not tell you at what speed you should drive to be reasonable. It just tells you what not to do. Dittman is similar. It tells one that it is unreasonable to fall as far short as UMPC did in regard to encryption, firewalls, and authentication. This is not a criticism of Dittman.

  12. What Does Tort Law Tell You? Tort law does not specify safe harbors applicable to a wide range of circumstances. When defendants actions are found to be unreasonable, it tells one that similar actions in similar circumstances may be unreasonable. When defendants are held to have acted reasonably, it tells one that that similar actions in similar circumstances may be reasonable. It does not tell one in general what would count as a reasonable use of encryption, authentication, network segmentation, and deployment of firewalls and network intrusion detection.

  13. Was the attack foreseeable? In Dittman, the employees claim that large stores of data on Internet-accessible computers are a predictable target of attack by cybercriminals, and on that basis they conclude that the attack was foreseeable. The Kline court points out this error: a predictable event can have a very low probability of occurring. The chance of a fatal airline accident is predictable: 1 in 11 million. That does not make it foreseeable in the sense negligence requires.

  14. Compare Palsgraf Does storing data on a computer connected to the internet put the owner on notice of the risk of a breach just as much as the explosives label would have put the railroad attendant on notice? (a) Yes (b) No

  15. Considering Public Policy The trial and appeals courts considered whether it was in the public interest to make entities collecting and storing information online liable to the subjects of that information for harms from data breaches.

  16. Public Policy Continued The Pennsylvania Supreme Court held that there was no need to address the public policy questions on the ground that is unnecessary to conduct a full-blown public policy assessment in every instance in which a longstanding duty imposed on members of the public at large arises in a novel factual scenario. Common-law duties stated in general terms are framed in such fashion for the very reason that they have broad-scale application.

  17. An Analogy: The T. J. Hooper A tug, the T. J. Hooper, encountered a storm and sank along with the barges it was towing. It did not have a shortwave radio. With one, it would have received weather reports, and stopped to avoid the storm. Shortwave radios were new, and tugs did not normally have one. The court held that the tug was negligently because it lacked shortwave radios.

  18. Low Cost, Easy Calculation The tug was negligent. First, using a shortwave radio was a very inexpensive way to reduce the expected losses of towing barges along the Atlantic coast. Second, it is very easy for a tug boat owner to figure that out. Radios were inexpensive while eventually encountering a large storm with the potential of causing large losses is highly likely for a tug that constantly goes up and down the Atlantic coast.

  19. Networks Are Not the Same Not a small, single expense like buying a shortwave radio. A significant investment in an array of devices and procedures. Not a simple, commonsense calculation. The relevant information is spread over millions of geographically dispersed consumers, all of whom vary in the extent to which the data breach is likely to harm them. Indeed, we lack reliable aggregate data, and . . .

  20. But . . . But even if is not necessary in every instance, it still is necessary in some instance. (a) True (b) False

  21. Defense Investment Spectrum Over investment Under investment Wastes time, effort money, puts privacy at risk Adequate security Inadequate security = cost of defense = expected loss with defense Saves money

  22. Defense Investment Spectrum Over investment Under investment Here the risk of loss outweighs the social utility of data storage Adequate security Inadequate security = cost of defense = expected loss with defense

  23. An Adequate Incentive To Defend? Two types of losses, two risk management goals. Business losses Lost sales, theft of intellectual property, regulatory fines, and so on. Consumer losses Losses from unauthorized access to information held by businesses Identity theft, credit card fraud, a sense of invaded privacy, and so on.

  24. Two Risk Management Goals The business risk management goal: minimize the sum of the cost of the defensive measures and all the expected business losses with those defensive measures. The consumer (employee) risk management goal: minimize the sum of the cost of the defensive measures and all the expected consumer (employee) losses with those defensive measures.

  25. Inadequate Business Defense Businesses fail to adequately approximate the business risk management goal. That is surprising. The profit-maximizing strategy is to approximate that goal So why don t they? Corporate culture Still struggles to incorporate the risk management goal. Lack of necessary information

  26. Inadequate Defense of Data Subjects Businesses also fail to adequate approximate the consumer (employee) risk management goal. That is no surprise. Profit-driven businesses ignore consumer losses unless those losses also impose significant losses on the business.

  27. One More InterestRecall Kline The dissent in Kline raises an important complication: Landlords will pass the cost of additional precautions on to tenants in the form of increased rents. Suppose: Rents increase in all dangerous neighborhoods as all landlords improves security. Tenants who cannot afford increased rents move to less safe neighborhoods. Overall, the safety of tenants does not increase. Society as a whole has an interest in adequate housing and adequate safety.

  28. Cybersecurity Societal Interests Societal interests: Adequate information security and privacy. Market conditions under which businesses can flourish. We will address the question of how to take societal interests into account later.

  29. Who Is The Best Defender? Dittman rests on two crucial two points. One is that UMPC s collecting and storing employee data created a risk of a data breach by third parties. The other is that the harm that did occur was within the scope of that risk. In Blackbaud the defendant claims that neither point applies to it because, as a software-as-a-service (SaaS) provider, its clients control the data they store with Blackbaud. The court rejects Blackbaud s claim. In doing so, it makes it clear that the answer to Who is in the best position to defend against unauthorized access? plays a key role in assigning liability.

Related


ACU 2024 Benefits Open Enrollment Details

ACU 2024 Benefits Open Enrollment Details

idrees
Prevalence of KIT D816V Mutation in Patients with Systemic Mast Cell Activation

Prevalence of KIT D816V Mutation in Patients with Systemic Mast Cell Activation

zavier
Unlock the full potential of Windows 10 with a best Genuine Activation Key

Unlock the full potential of Windows 10 with a best Genuine Activation Key

buyantiviruskey
Dual Enrollment and Concurrent Enrollment

Dual Enrollment and Concurrent Enrollment

minna
The Nutrition Cluster Activation and Core Functions

The Nutrition Cluster Activation and Core Functions

isolde
Thrombolytic Therapy and Plasminogen Activation

Thrombolytic Therapy and Plasminogen Activation

rosiya
Overview of Master Facility Lists in Nigeria: Rollout of Health Facility Registry

Overview of Master Facility Lists in Nigeria: Rollout of Health Facility Registry

irma
Steps to Establish a Master Facility List in Health Facility Registry

Steps to Establish a Master Facility List in Health Facility Registry

mikayla
Advanced Emergency Braking System (AEBS) Definition and Activation Guidelines

Advanced Emergency Braking System (AEBS) Definition and Activation Guidelines

aaravclark
RRM Enhancement for NR and MR-DC: PUCCH SCell Activation Requirements

RRM Enhancement for NR and MR-DC: PUCCH SCell Activation Requirements

mordecai
Shadow Opinion on Activation Purposes Proposal: Insights and Recommendations

Shadow Opinion on Activation Purposes Proposal: Insights and Recommendations

tais752
Kaukauna Area School District 2022-2023 Budget Hearing and Enrollment Summary

Kaukauna Area School District 2022-2023 Budget Hearing and Enrollment Summary

din_ay
Emergency Operations Activation Levels in Healthcare

Emergency Operations Activation Levels in Healthcare

christoph
DL Synchronization and TCI State Activation Discussion

DL Synchronization and TCI State Activation Discussion

nol_mc
Agreements on Core Requirement Maintenance of Direct SCell Activation

Agreements on Core Requirement Maintenance of Direct SCell Activation

altenburg_m
Enrollment Management System Overview

Enrollment Management System Overview

darielle
Activation Rate in Link 2017: Insights and Strategies

Activation Rate in Link 2017: Insights and Strategies

im_iya
RWA Housing Society Activation BTL Activation

RWA Housing Society Activation BTL Activation

Prachi
Activation and Smart Safety Nets in the Western Balkans: Addressing Employment Challenges

Activation and Smart Safety Nets in the Western Balkans: Addressing Employment Challenges

nevinwa
Chemical Kinetics: Reaction Rates and Activation Energy

Chemical Kinetics: Reaction Rates and Activation Energy

trishikar
Enrollment Management Plan Overview

Enrollment Management Plan Overview

aier238
Activation Programmes & Policies in OIC Member States by Chris Melvin

Activation Programmes & Policies in OIC Member States by Chris Melvin

isador

More Related Content