Physicians using webcams to consult with patients soon could see significant obstacles, as state laws likely will grow more restrictive as technology advances, according to Capistrant.
Physicians must be licensed in the state where their practice is located and in any state where they see patients through videoconferencing. However, Capistrant said that some states have agreements with others to accommodate doctors who see patients across state lines.
In addition, Capistrant said doctors must make sure their communication with patients meets HIPAA security requirements.
via More Patients Meeting With Doctors Via Web Programs Such as Skype – iHealthBeat.
Google (GOOG) and a reseller of its products have filed a lawsuit against the U.S. Department of the Interior after the agency solicited bids for cloud-based e-mail and messaging services specifying that bidders must use Microsoft (MSFT) products.
via Google Sues Agency Over Microsoft-Only Cloud Deal – CIO.com.
Indiana Attorney General Gregory Zoeller has filed a lawsuit against health insurer WellPoint Inc., alleging the company did not notify 32,051 affected consumers in the state of a breach of their protected health information in a timely manner.
via Indiana AG Sues WellPoint for Breach.
With evidence mounting of flagrant abuses of PCI-DSS security standards, two attorneys are on the verge of announcing the official filing of a national lawsuit against one of the hospitality industry’s biggest point-of-sale (POS) technology providers and one of its system resellers. The targets of the upcoming legal action will be Restaurant Data Concepts, Inc. of Warwick, Rhode Island – creators of the POSitouch™ system – and CC Productions of Hoboken, New Jersey, the reseller. POSitouch technology is installed in more than 20,000 restaurants nationwide.
via Lawsuit Brewing Against Popular POS Software Provider and Reseller.
The federal law known as HIPAA that is meant to protect the privacy of patients “specifically allows medical centers to use patient information for fundraising activities,” The Seattle Times reports. “Information about diagnosis or treatment is off-limits, but federal and state laws allow hospitals, in most cases, to use a patient's name, address, contact information, dates of hospital service, gender, age and insurance status in fundraising efforts.”
via Patients Question HIPAA Provision That Allows Use Of Patient Data For Fundraising.
The American Medical Association (AMA) and the American Osteopathic Association (AOA) today filed a lawsuit against the US Federal Trade Commission (FTC) to prevent the agency from subjecting medical practices to identify-theft regulations called “Red Flags Rules.”
via AMA and AOA Sue Federal Trade Commission to Exclude Physicians From “Red Flags Rules”.
Washington last week became the third state to pass legislation that will allow banks to recover certain costs and damages from retailers and credit card processors that suffer data breaches after failing to comply with current Payment Card Industry (PCI) standards.
The law, which goes into effect on July 1 in Washington, follows similar laws passed in the states of Minnesota and Nevada and marks a fundamental change in the way government and private sector industries assign responsibility and accountability for preventing identity theft.
via New Law Lets Banks Recover Data Breach Costs – www.esecurityplanet.com.
The best way to avoid PCI audits and headlines about credit card lists leaking to the internet is to not store that data in the CRM system in the first place. Although your customer service reps (CSR) may need to access that data, the CRM system should hold only pointers (external keys) to the system of record for credit card numbers, bank account numbers, payment history, etc
via Don’t Let Your CRM System Feed the Lawsuit Beast.
Several restaurant owners in Louisiana and Mississippi are suing two companies that provided them with point-of-sale POS computer systems for credit card billing, saying that the systems were unsecure and allowed hackers to steal thousands of customers’ credit card information.
via Restaurant Owners File Lawsuit Over Credit Card Billing Safety Problems – AboutLawsuits.com.
The National Institute of Standards and Technology (NIST) has issued a draft publication for public comment that describes changes to the Security Content Automation Protocol (SCAP). SCAP is a suite of specifications that use the eXtensible Markup Language (XML) to standardize how software products exchange information about software flaws and security configurations.
via NIST Updates Automated Computer Security Validation Guidelines.