Monthly Archives: October 2009

Latest Reform Bill Would Revise HIPAA Standards, Track Medical Devices – iHealthBeat

HIPAA Transactions

The latest House bill also includes a provision to establish national standards for electronic claims submission and other HIPAA transactions.

The provision calls for officials to develop data exchange capabilities that can:

* Determine a patient’s financial responsibility at the point of service;

* Enable real-time claims adjudication;

* Harmonize data sets from administrative and clinical transactions; and

* Support machine-readable identification cards.

via Latest Reform Bill Would Revise HIPAA Standards, Track Medical Devices – iHealthBeat.

Agency Infosec Spend a Mystery to OMB

The White House Office of Management and Budget does not know how much its departments and agencies specifically spend on IT security, Federal CIO Vivek Kundra told a Senate panel Thursday.

Kundra said he was shocked to learn that the OMB never collected from agencies specific IT security expenditures, just aggregate data, when he took over earlier this year as the OMB’s administrator for e-government and IT, his statutory title.

via Agency Infosec Spend a Mystery to OMB.

Tokenization Vs. End to End Encryption #PCI

A recent study conducted by PricewaterhouseCoopers on behalf of the Payment Card Industry Security Standards Council shows that end to end encryption and tokenization are the top choices for companies seeking to employ new emerging technologies to protect payment card and other critical data. And both approaches have their public proponents, including Heartland Payment Systems (HPY) CEO Robert Carr, who’s been encryption’s most vocal supporter in the wake of his organization’s historic breach.

via Tokenization Vs. End to End Encryption: Experts Weigh in.

Call centre data standards ‘routinely ignored’ #PCI

More than 95% of call centres were found to store customers’ credit card details in recordings of phone conversations in breach of industry rules, according to a survey conducted by a call recording technology company.

Veritape said that when it talked to 133 call centre managers, only 39% of them knew about industry rules against the storing of the information and just 3% of them wiped credit card numbers from recordings of phone calls. Veritape provides call recording services to the call centre industry.

via Survey: Call centre data standards ‘routinely ignored’ • The Register.

DHS agencies don’t sustain info security programs, IG says — Federal Computer Week

Homeland Security Department agencies don’t sustain their information security programs year-round or perform continuous monitoring to maintain systems’ accreditations and action plans, according to DHS Inspector General Richard Skinner.

The IG’s findings come from an annual independent evaluation of the department’s information security programs required by the Federal Information Security Management Act (FISMA).

via DHS agencies don’t sustain info security programs, IG says — Federal Computer Week.

New ID theft rules may not pertain to small businesses – SC Magazine US

The rules, developed in accordance with the Fair and Accurate Credit Transactions Act of 2003 (FACTA), require financial institutions and other organizations classified as “creditors” to develop programs to identify, detect and respond to indications of identity theft. A bill passed this week would amend FACTA and exclude health care, accounting and legal practices with 20 or fewer employees from having to comply with the regulations, set to be enforced starting next month.

via New ID theft rules may not pertain to small businesses – SC Magazine US.

Medical Records: Stored in the Cloud, Sold on the Open Market | Threat Level | Wired.com

When patients visit a physician or hospital, they know that anyone involved in providing their health care can lawfully see their medical records.

But unknown to patients, an increasing number of outside vendors that manage electronic health records also have access to that data, and are reselling the information as a commodity.

via Medical Records: Stored in the Cloud, Sold on the Open Market | Threat Level | Wired.com.