Monthly Archives: May 2010

One-fourth of reported HIPAA breaches involve laptops – FierceMobileHealthcare

Last year, the HHS Office for Civil Rights started posting online a list of reported breaches of unsecured health data affecting at least 500 people. About one-quarter of all listed incidents involved laptops, and close to one-eighth were the result of a lost or stolen portable device or USB drive.

via One-fourth of reported HIPAA breaches involve laptops – FierceMobileHealthcare.

Patients Question HIPAA Provision That Allows Use Of Patient Data For Fundraising

The federal law known as HIPAA that is meant to protect the privacy of patients “specifically allows medical centers to use patient information for fundraising activities,” The Seattle Times reports. “Information about diagnosis or treatment is off-limits, but federal and state laws allow hospitals, in most cases, to use a patient's name, address, contact information, dates of hospital service, gender, age and insurance status in fundraising efforts.”

via Patients Question HIPAA Provision That Allows Use Of Patient Data For Fundraising.

OCR Building HIPAA Audit Plan With Outside Help

HIPAA's privacy and security enforcer has hired an outside firm to help build its HITECH-required HIPAA auditing plan, the government agency tells HealthLeaders Media.

The Office for Civil Rights (OCR), which carries out for the Department of Health & Human Services (HHS) enforcement of the HIPAA privacy and security rules, says it does not have a timetable for when the audit plan begins.

via OCR Building HIPAA Audit Plan With Outside Help.

AMA and AOA Sue Federal Trade Commission to Exclude Physicians From “Red Flags Rules”

The American Medical Association (AMA) and the American Osteopathic Association (AOA) today filed a lawsuit against the US Federal Trade Commission (FTC) to prevent the agency from subjecting medical practices to identity-theft regulations called “Red Flags Rules.”

via AMA and AOA Sue Federal Trade Commission to Exclude Physicians From “Red Flags Rules”.

HHS Issues RFI on Accounting for Disclosures Through an EHR

On May 3, 2010, the Office for Civil Rights of the U.S. Department of Health & Human Services (HHS) issued a Request for Information (RFI) on the provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act that expand the requirements for accounting of disclosures of patients' protected health information (PHI) to include disclosures made through an electronic health record (EHR) for treatment, payment and health care operations purposes.

via The Politics of Health Care : HHS Issues RFI on Accounting for Disclosures Through an EHR.

Car hackers can kill brakes, engine, and more

In a paper set to be presented at a security conference in Oakland, California, next week, the security researchers say that by connecting to a standard diagnostic computer port included in late-model cars, they were able to do some nasty things, such as turning off the brakes, changing the speedometer reading, blasting hot air or music on the radio, and locking passengers in the car.

via Car hackers can kill brakes, engine, and more.

Ukrainian arrested in India on TJX data-theft charges

A Ukrainian national has been arrested in India in connection with the most notorious hacking incident in U.S. history.

Sergey Valeryevich Storchark was one of 11 men charged in August 2008 with hacking into nine U.S. retailers and selling tens of millions of credit card numbers. He was arrested in India earlier this week, according to a spokesman with India's Central Bureau of Investigation (CBI).

via Ukrainian arrested in India on TJX data-theft charges.

OCR Boosting HIPAA Security Enforcement

The health care industry can soon expect a greater emphasis on enforcing the HIPAA security rule than in years past.

That’s the message that Susan McAndrew, deputy director for privacy at the Department of Health and Human Services’ Office for Civil Rights, delivered May 11 at the Safeguarding Health Information conference in Washington. OCR sponsored the conference with the National Institute of Standards and Technology.

via OCR Boosting Security Enforcement.

NIST Seeks Comments on Security Controls Guide

The final draft of SP 800-53A, Revision 1 – Guide for Assessing the Security Controls in Federal Information Systems and Organizations, is the third in the series of publications and incorporates best practices in information security. The guideline includes security control assessment procedures for national security and non-national security systems and is intended to support a variety of assessment activities in all phases of the system development life cycle, including development, implementation and operation.

via NIST Seeks Comments on Security Controls Guide.

New Version 3.0 of the PIN Transaction Security (PTS) Point of Interaction (POI) standard

A new measure to strengthen credit card data protection was released by the PCI Security Standards Council today.

Version 3.0 of the PIN Transaction Security (PTS) Point of Interaction (POI) standard is designed to streamline and simplify testing and implementation by providing a single set of modular evaluation requirements for all Personal Identification Number (PIN) acceptance Point of Interaction terminals. This standard is meant to enhance and prevent payment card fraud on devices that accept payment transactions and will cover everything from retail point of sale card readers to unattended payment terminals at gas stations and parking lots.

via New PCI Standard Announced.