Tag Archives: privacy

Feds Get Their Own App Store | Epicenter | Wired.com

If you had any question whether app stores were a passing fad, the answer probably lies with apps.gov, an app store by and for government agencies…

The GSA also takes care of all the acronyms as well. The sites are FISMA and 508 compliant, and the relevant PIAs have been completed, which is bureaucratic shorthand for saying the apps passed a security test, are accessible to those with disabilities and have fulfilled the relevant privacy reporting requirements.

via Feds Get Their Own App Store | Epicenter | Wired.com.

PatientsLikeMe incident may just be ‘scraping’ the surface – FierceHealthIT

Ready for another threat to individual privacy? Less insidious, perhaps, than phishing, but potentially as damaging is a relatively new technique called “scraping.”

Scraping is the practice of trolling social networking sites, message boards and chat rooms looking for personal information that can help firms target the right people with their marketing efforts. And instead of being cloaked in the guise of a Nigerian prince or other shady character, scraping is being sponsored by some big-name, legitimate companies, and it’s starting to find its way into healthcare.

via PatientsLikeMe incident may just be ‘scraping’ the surface – FierceHealthIT.

Privacy software: Who are the early leaders? – software, security, privacy, ControlCase, Consult2Comply, brinQa, Avior Computing, Archer, applications, Agiliance – Security & Email – PC World Business

Together they form what I’d call the “privacy GRC” market, where GRC stands for “governance, risk and compliance.” GRC makes up most of what privacy people do.

It’s not a big market. To put things into perspective, Gartner is only in its third year of analyzing the nascent IT GRC market. The privacy GRC market is at the moment no more than just a subset of that.

via Privacy software: Who are the early leaders? – software, security, privacy, ControlCase, Consult2Comply, brinQa, Avior Computing, Archer, applications, Agiliance – Security & Email – PC World Business.

Rite Aid Agrees to Pay $1 Million to Settle HIPAA Privacy Case – MarketWatch

The OCR, which enforces the HIPAA Privacy and Security Rules, opened its investigation of RAC after television media videotaped incidents in which pharmacies were shown to have disposed of prescriptions and labeled pill bottles containing individuals’ identifiable information in industrial trash containers that were accessible to the public. These incidents were reported as occurring in a variety of cities across the United States. Rite Aid pharmacy stores in several of the cities were highlighted in media reports.

via Rite Aid Agrees to Pay $1 Million to Settle HIPAA Privacy Case – MarketWatch.

HHS Proposal covers chain of subcontractors – HIPAA

A key provision of the pending rules would make “downstream” healthcare subcontractors subject to HIPAA’s privacy and security requirements. HIPAA, as bolstered under the HITECH Act, already considers a health information exchange as a “business associate” of organizations covered by the law. Business associates are required to sign contracts that bind them to HIPAA. The proposed rule, however, would confer business associate status to subcontractors working with other business associates. Potentially, the requirement could work its way down a number of tiers as subcontractors to newly coined business associates would also fall under HIPAA’s scope.

via In the News.

Patients Question HIPAA Provision That Allows Use Of Patient Data For Fundraising

The federal law known as HIPAA that is meant to protect the privacy of patients “specifically allows medical centers to use patient information for fundraising activities,” The Seattle Times reports. “Information about diagnosis or treatment is off-limits, but federal and state laws allow hospitals, in most cases, to use a patient's name, address, contact information, dates of hospital service, gender, age and insurance status in fundraising efforts.”

via Patients Question HIPAA Provision That Allows Use Of Patient Data For Fundraising.

OCR Building HIPAA Audit Plan With Outside Help

HIPAA's privacy and security enforcer has hired an outside firm to help build its HITECH-required HIPAA auditing plan, the government agency tells HealthLeaders Media.

The Office for Civil Rights (OCR), which carries out for the Department of Health & Human Services (HHS) enforcement of the HIPAA privacy and security rules, says it does not have a timetable for when the audit plan begins.

via OCR Building HIPAA Audit Plan With Outside Help.

OCR Boosting HIPAA Security Enforcement

The health care industry can soon expect a greater emphasis on enforcing the HIPAA security rule than in years past.

That’s the message that Susan McAndrew, deputy director for privacy at the Department of Health and Human Services’ Office for Civil Rights, delivered May 11 at the Safeguarding Health Information conference in Washington. OCR sponsored the conference with the National Institute of Standards and Technology.

via OCR Boosting Security Enforcement.