If you had any question whether app stores were a passing fad, the answer probably lies with apps.gov, an app store by and for government agencies…
The GSA also takes care of all the acronyms as well. The sites are FISMA and 508 compliant, and the relevant PIAs have been completed, which is bureaucratic shorthand for saying the apps passed a security test, are accessible to those with disabilities and have fulfilled the relevant privacy reporting requirements.
via Feds Get Their Own App Store | Epicenter | Wired.com.
Ready for another threat to individual privacy? Less insidious, perhaps, than phishing, but potentially as damaging is a relatively new technique called “scraping.”
Scraping is the practice of trolling social networking sites, message boards and chat rooms looking for personal information that can help firms target the right people with their marketing efforts. And instead of being cloaked in the guise of a Nigerian prince or other shady character, scraping is being sponsored by some big-name, legitimate companies, and it’s starting to find its way into healthcare.
via PatientsLikeMe incident may just be ‘scraping’ the surface – FierceHealthIT.
Together they form what I’d call the “privacy GRC” market, where GRC stands for “governance, risk and compliance.” GRC makes up most of what privacy people do.
It’s not a big market. To put things into perspective, Gartner is only in its third year of analyzing the nascent IT GRC market. The privacy GRC market is at the moment no more than just a subset of that.
via Privacy software: Who are the early leaders? – software, security, privacy, ControlCase, Consult2Comply, brinQa, Avior Computing, Archer, applications, Agiliance – Security & Email – PC World Business.
The OCR, which enforces the HIPAA Privacy and Security Rules, opened its investigation of RAC after television media videotaped incidents in which pharmacies were shown to have disposed of prescriptions and labeled pill bottles containing individuals’ identifiable information in industrial trash containers that were accessible to the public. These incidents were reported as occurring in a variety of cities across the United States. Rite Aid pharmacy stores in several of the cities were highlighted in media reports.
via Rite Aid Agrees to Pay $1 Million to Settle HIPAA Privacy Case – MarketWatch.
It’s not a new law, but it’s a tangible, short-term step toward protecting the privacy of patient data that travels online. To address loopholes in current patient privacy legislation, the Health and Human Services Department on Thursday proposed privacy rules that would apply to vendors of technology that transmit personal health data.
via HIPAA Rules Now Apply to PHRs – Health IT Update.
A key provision of the pending rules would make “downstream” healthcare subcontractors subject to HIPAA’s privacy and security requirements. HIPAA, as bolstered under the HITECH Act, already considers a health information exchange as a “business associate” of organizations covered by the law. Business associates are required to sign contracts that bind them to HIPAA. The proposed rule, however, would confer business associate status to subcontractors working with other business associates. Potentially, the requirement could work its way down a number of tiers as subcontractors to newly coined business associates would also fall under HIPAA’s scope.
via In the News.
The Office of Management and Budget (OMB) has finished its review of proposed rules related to changes to HIPAA privacy and security rules, meaning the rules could hit the streets this week.
The OMB reports that it has concluded its regulatory review of the rules HHS sent in April.
via OMB Completes HIPAA Rules Review.
The federal law known as HIPAA that is meant to protect the privacy of patients “specifically allows medical centers to use patient information for fundraising activities,” The Seattle Times reports. “Information about diagnosis or treatment is off-limits, but federal and state laws allow hospitals, in most cases, to use a patient's name, address, contact information, dates of hospital service, gender, age and insurance status in fundraising efforts.”
via Patients Question HIPAA Provision That Allows Use Of Patient Data For Fundraising.
HIPAA's privacy and security enforcer has hired an outside firm to help build its HITECH-required HIPAA auditing plan, the government agency tells HealthLeaders Media.
The Office for Civil Rights (OCR), which carries out for the Department of Health & Human Services (HHS) enforcement of the HIPAA privacy and security rules, says it does not have a timetable for when the audit plan begins.
via OCR Building HIPAA Audit Plan With Outside Help.
The health care industry can soon expect a greater emphasis on enforcing the HIPAA security rule than in years past.
That’s the message that Susan McAndrew, deputy director for privacy at the Department of Health and Human Services’ Office for Civil Rights, delivered May 11 at the Safeguarding Health Information conference in Washington. OCR sponsored the conference with the National Institute of Standards and Technology.
via OCR Boosting Security Enforcement.