Author Archive
HHS Proposal covers chain of subcontractors – HIPAA
A key provision of the pending rules would make “downstream” healthcare subcontractors subject to HIPAA’s privacy and security requirements. HIPAA, as bolstered under the HITECH Act, already considers a health information exchange as a “business associate” of organizations covered by the law. Business associates are required to sign contracts that bind them to HIPAA. The proposed [...]
OMB Completes HIPAA Rules Review
The Office of Management and Budget (OMB) has finished its review of proposed rules related to changes to HIPAA privacy and security rules, meaning the rules could hit the streets this week. The OMB reports that it has concluded its regulatory review of the rules HHS sent in April. via OMB Completes HIPAA Rules Review.
Health Net of the Northeast will pay $250,000 in fines
Health Net of the Northeast will pay $250,000 in fines to Connecticut as part of a settlement regarding a lost or stolen hard-drive that contained medical records and personal information of 1.5 million people, including 446,000 in Connecticut. via Insurance Capital – News, Conversation and Links about Connecticut’s Insurance Industry.
IRS fails to identify contractors with access to taxpayer data
The Internal Revenue Service risked disclosing taxpayer information when it failed to identify contractors that had access to financial records and to fix known security weaknesses at facilities where files are stored. According to an audit released on Tuesday by the Treasury Inspector General for Tax Administration, the IRS did not identify all the vendors [...]
AMR Corporation Sends Letters to Certain Retirees and Employees Regarding Data Compromise and Offer
Today, AMR Corporation, the parent company of American Airlines, Inc., sent letters to potentially affected retirees, former employees, and a limited number of current employees about a compromise of certain personal information. The data, which had been kept by AMR’s pension department, spans a time period from 1960 through 1995, and consists of images [...]
Visa tightens rules for small sellers • The Register
From 1 July small and medium enterprises using electronic point of sale terminals and e-commerce systems need to reach basic compliance with an entry-level version of the standard or face higher merchant fees or, in extreme cases such as in the aftermath of security breaches, the withdrawal of merchant statuses. Larger firms need to comply [...]
NIST Revises Security Controls Bible SP 800-53A, Revision 1
NIST Special Publication 800-53 – the bible for federal government chief information security officers as well as others charged with securing their organizations' IT systems – has been revised by the National Institute of Standards and Technology. NIST Tuesday issued SP 800-53A, Revision 1, Guide for Assessing the Security Controls in Federal Information Systems and [...]
Tokenization and encryption for #PCI compliance
Tokenization and encryption may be the best solution to one of the biggest data-security challenges facing merchants: how to protect confidential payment card information against emerging threats without disrupting normal business operations. That’s according to a security brief released on Tuesday by RSA, the Security Division of EMC. Security experts from processor First Data Corp. [...]
PCI Standards Stretched To Three-Year Cycle
Merchants have gained some welcome breathing room for complying with PCI: The PCI Standards Council today announced its standards cycle will move from a two- to three-year cycle. The extra year between new versions of the PCI DSS, PA-DSS, and PCI DTS standards came in response to complaints from merchants and others in the secure payment [...]
Do You Have What It Takes To Pass Your Payment Card Industry Audit? #PCI
With every company reliant on software to run its business, an alarming rise in data breach incidents across industries, but especially credit card processing, means application security is becoming an increasingly critical part of any organisation’s overall IT security strategy. For organisations that store, transmit or process credit card information, it is vital as they [...]




