IG: Interior fails to comply with FISMA again – FierceGovernmentIT

The Department of the Interior has once again failed to comply with the Federal Information Security Act in fiscal 2009, the department’s inspector general said last week. A new IG report blamed a decentralized organization structure, fragmented IT governance processes, lack of oversight, bureau resistance to departmental guidance and use of under-qualified personnel to perform significant IT security duties.

via IG: Interior fails to comply with FISMA again – FierceGovernmentIT.

House Panel Approves Cyber-security Awareness Act

A U.S. House subcommittee approved Nov. 4 the Cybersecurity Coordination and Awareness Act, legislation that would require NIST (National Institute of Standards and Technology) to develop and implement a plan to ensure coordination within the U.S. government with regard to the development of international cybersecurity technical standards.

via House Panel Approves Cyber-security Awareness Act.

Senate Committee Passes Data Breach Laws

The U.S. Senate Judiciary Committee passes two bills that establish federal guidelines for data breach notifications.

Two sweeping bills that would set new standards for data breach notifications made their way out of the Senate Judiciary Committee Nov. 5.

The committee voted yes on the Personal Data Privacy and Security Act of 2009 (S.1490) and the Data Breach Notification Act (S.139). The vote means the bills are now headed to the full Senate for its stamp of approval.

via Senate Committee Passes Data Breach Laws.

Vivek Kundra: Cybersecurity dashboard on its way

The Cyberscope system, a new tool released by the Office of Management and Budget that allows federal agencies to report FISMA compliance through authenticated web-based reporting, is a step in that direction. “We’re moving from a manual, reporting-based, compliance-focused approach to a real-time measurement of actual cybersecurity,” said Kundra, of the “Cyberscope” system that debuted in October. “You cannot address real-time threats with a solution that’s focused on reporting requirements on a quarterly basis.”

via ExecutiveBiz Blog» Blog Archive » Vivek Kundra: Cybersecurity dashboard on its way.

A HIPAA Twist That Can Hurt

Here’s how it typically happens: Someone steals your Social Security or insurance policy numbers and uses them to pose as you to illegally obtain medical care. Since the provider thinks the impostor is the real you, information concerning the impostor’s condition and treatment is added to your medical record. Not only is this fraud, but it can also lead to misdiagnosis and significant personal harm.

via A HIPAA Twist That Can Hurt – Tech Insider.

HHS publishes interim final HIPAA rule

Under the interim final rule published Friday, the following penalties for HIPAA violations will apply on or after Nov. 30:

* The minimum civil penalty is $100 per violation if the covered entity was unaware of it and, by exercising reasonable diligence, would not have known about the violation.

* The minimum civil penalty is $1,000 per violation for those that were the result of “reasonable cause” involving circumstances that would make it unreasonable for the covered entity to comply.

via HHS publishes interim final HIPAA rule | Business Insurance.

Latest Reform Bill Would Revise HIPAA Standards, Track Medical Devices – iHealthBeat

HIPAA Transactions

The latest House bill also includes a provision to establish national standards for electronic claims submission and other HIPAA transactions.

The provision calls for officials to develop data exchange capabilities that can:

* Determine a patient’s financial responsibility at the point of service;

* Enable real-time claims adjudication;

* Harmonize data sets from administrative and clinical transactions; and

* Support machine-readable identification cards.

via Latest Reform Bill Would Revise HIPAA Standards, Track Medical Devices – iHealthBeat.

Automated FISMA Reporting Tool Unveiled

The Office of Management and Budget this month unveiled an interactive collection tool called CyberScope that should help agencies fulfill their IT security reporting requirements under the Federal Information Security Management Act.

via Automated FISMA Reporting Tool Unveiled.

Agency Infosec Spend a Mystery to OMB

The White House Office of Management and Budget does not know how much its departments and agencies specifically spend on IT security, Federal CIO Vivek Kundra told a Senate panel Thursday.

Kundra said he was shocked to learn that the OMB never collected from agencies specific IT security expenditures, just aggregate data, when he took over earlier this year as the OMB’s administrator for e-government and IT, his statutory title.

via Agency Infosec Spend a Mystery to OMB.

CalOptima recovers discs with personal data on 68,000 members

Several missing CDs containing unencrypted personal data on 68,000 members of the CalOptima managed care plan have been traced to a secure postal facility in Atlanta. The discs went missing two weeks ago.

via CalOptima recovers discs with personal data on 68,000 members.