CenITex, the Victorian Government’s shared services IT agency, will adopt a new IT governance, risk and compliance (ITGRC) package to improve its information security function.
The Compliance Checker runs an assessment on ESX/ESXi hosts managed by vCenter
The assessment is based on a predefined subset of 29 of the vSphere 4.1 Security Hardening Guide rules and is run against the first 5 ESX/ESXi hosts found on the target vCenter
One of the ways our customers can be are assured their data is protected is through third-party audits and certifications. Since 2008, Google Apps has successfully undergone annual SAS 70 Type II audits. This year the SAS70 Type II audit has evolved into the SSAE 16 Type II attestation and its international counterpart, ISAE 3402 Type II. We’re happy to announce that Google is one of the first major cloud providers to be certified for compliance to these new audit standards.
An official at HHS Office for Civil Rights says the agency has not decided whether to include business associates in its HIPAA-compliance audit plans, HealthLeaders Media reports.
The Department of Health and Human Services should not require hospitals and other entities covered by the Health Insurance Portability and Accountability Act to provide to individuals on request a report detailing all internal disclosures of their personal health information from electronic designated record sets, the AHA told the department in a letter today. AHA said the proposal, included in a proposed rule modifying the HIPAA privacy rule under the HITECH Act, fails to meet the law’s requirement to “appropriately balance the relevant privacy interests of individuals with the substantial burdens on covered entities, including hospitals.” The association urged HHS to withdraw the proposal and “reissue a request for information aimed at better reflecting the statutory requirements, the technological realities, and better alignment of the regulation’s effectiveness with the compliance burdens.” While generally endorsing the rule’s proposed accounting of disclosures revisions, AHA urged additional changes to ensure a proper balance of the value of the information to patients with the burdens to covered entities of producing it. AHA also urged HHS to retract the rule’s preamble commentary about the HIPAA security rule in order to reflect longstanding department guidance.
ControlCase Data Discovery enables large and small businesses and organizations to find credit and debit card information that could be stored in their systems in violation of the Payment Card Industry (PCI) Data Security Standard (DSS) Finding credit card data is one of the key and initial steps needed for compliance
Smaller merchants tend to rely on their acquirer or independent sales organization (ISO) to initiate PCI DSS compliance validation. Without directive or enforcement of such initiatives, many will forgo basic steps to protect their networks and their customers’ cardholder data because they feel they do not have the time or the proper resources, or they’re just not aware of the requirement, the survey found.
HHS has now sent a clear message to entities bound by HIPAA – HIPAA must be taken seriously. Indeed, in the HHS press release related to the Mass General incident, OCR Director Georgina Verdugo indicated that entities bound by HIPAA must ensure they have an effective compliance plan in place in order to avoid enforcement penalties. Specifically, Verduga stated, “[w]e hope the health care industry will take a close look at this [Mass General Resolution] agreement and recognize that OCR is serious about HIPAA enforcement.
According to a survey recently unveiled by the Ponemon Institute, a new factor is driving adoption of encryption technologies by merchants. For the first time in the six years of the U.S. Enterprise Encryption Trends survey, more businesses emphasized the meeting of PCI DSS requirements as a factor for adopting encryption technology. Previously the primary motivation to adopt data security technologies was to protect against security breaches.
The latest PCI compliance reports (data current as of Dec. 31, 2010) show little change for Level 1 and Level 2 merchants, with each group holding at 96 percent. Level 1 had been at 96 percent for months, but the number of retailers in that group jumped from 358 to 377 (since the prior report in June 30, 2010). Level 2 had been at 95 percent, so the 96 percent figure reflects a slight increase. The number of merchants in Level 2, however, dropped from 894 to 881. So if even a few of those 13 retailers had been non-compliant, that could explain the bump up to 96 percent.