OCR Deciding Whether To Run HIPAA Audits on Business Associates – iHealthBeat

An official at HHS Office for Civil Rights says the agency has not decided whether to include business associates in its HIPAA-compliance audit plans, HealthLeaders Media reports.

via OCR Deciding Whether To Run HIPAA Audits on Business Associates – iHealthBeat.

NIST Tests Ways To Secure iPhones, iPads — InformationWeek

The organization that creates standards for the federal government’s use of technology is testing iPhones and iPads to devise the best ways of securing them for government use.

via NIST Tests Ways To Secure iPhones, iPads — InformationWeek.

AHA urges changes to proposed rule for PHI disclosures

The Department of Health and Human Services should not require hospitals and other entities covered by the Health Insurance Portability and Accountability Act to provide to individuals on request a report detailing all internal disclosures of their personal health information from electronic designated record sets, the AHA told the department in a letter today. AHA said the proposal, included in a proposed rule modifying the HIPAA privacy rule under the HITECH Act, fails to meet the law’s requirement to “appropriately balance the relevant privacy interests of individuals with the substantial burdens on covered entities, including hospitals.” The association urged HHS to withdraw the proposal and “reissue a request for information aimed at better reflecting the statutory requirements, the technological realities, and better alignment of the regulation’s effectiveness with the compliance burdens.” While generally endorsing the rule’s proposed accounting of disclosures revisions, AHA urged additional changes to ensure a proper balance of the value of the information to patients with the burdens to covered entities of producing it. AHA also urged HHS to retract the rule’s preamble commentary about the HIPAA security rule in order to reflect longstanding department guidance.

via AHA urges changes to proposed rule for PHI disclosures.

Biggest-ever series of cyber attacks uncovered

Boston: Security experts have discovered the biggest series of cyber attacks to date, involving the infiltration of the networks of 72 organizations including the United Nations, governments and companies around the world.

via Biggest-ever series of cyber attacks uncovered – Tech News – IBNLive.

Analysis of passwords in Sony security breach

The 25 most used passwords? seinfeld, password, winner, 123456, purple, sweeps, contest, princess, maggie, 9452, peanut, shadow, ginger, michael, buster, sunshine, tigger, cookie, george, summer, taylor, bosco, abc123, ashley, bailey

via Analysis of passwords in Sony security breach.

Largest data breaches of all time

As Sony deals with its most recent data breach of one million passwords, we look at the largest data loss incidents on record.

via Largest data breaches of all time.

Free tool to find Credit Card numbers for #PCI Compliance

ControlCase Data Discovery enables large and small businesses and organizations to find credit and debit card information that could be stored in their systems in violation of the Payment Card Industry (PCI) Data Security Standard (DSS). Finding credit card data is one of the key and initial steps needed for compliance.

via ControlCase Data Discovery » Downloads.

PCI Council says mobile payment apps can meet security standard

The PCI Security Standards Council on Friday released its long-awaited guidance on how mobile payment acceptance applications can meet PCI standards.

The council today listed the types of mobile applications now measured by the security standards, and which types require further review.

via PCI Council says mobile payment apps can meet security standard.

PCI SSC Nixes PA-DSS Certification For Mobile Payments Applications – For A While

Until such time as it has completed a comprehensive examination of the mobile communications device and mobile payment application landscape, the Council will not approve or list mobile payment applications used by merchants to accept and process payment for goods and services as validated PA-DSS applications unless all requirements can be satisfied as stated.

via PCI SSC Nixes PA-DSS Certification For Mobile Payments Applications – For A While « PCI Guru.

Final Version of Industrial Control Systems Security Guide from NIST Published

The National Institute of Standards and Technology (NIST) has issued the final version of its Guide to Industrial Control Systems (ICS) Security (SP 800-82), intended to help pipeline operators, power producers, manufacturers, air traffic control centers and other managers of critical infrastructures to secure their systems while addressing their unique performance, reliability, and safety requirements.

via Final Version of Industrial Control Systems Security Guide Published, National Inst.