If anyone doubted that there is a cost to ignoring privacy regulations, $5.3 million in penalties doled out last week for violations of the Health Insurance Portability and Accountability Act (HIPAA) should put such doubt to rest. Not only is the government pursuing enforcement, but it is going to come down particularly hard on organizations that don’t take it seriously.
via Don’t view HIPAA fines as cost a of doing business – FierceCIO.
This article is the first in a short series designed to help small businesses understand the regulations around securing credit card transactions, specifically the PCI DSS (Payment Card Industry’s Data Security Standard) requirements.
via An SMB Guide to Credit Card Regulations: Part I- PCI DSS Q&A – Security Views – Dark Reading.
According to the survey, 80 percent of respondents say securing patient information from unauthorized access and data breaches is a top priority, and 76 percent claim breach of confidential information or unauthorized access to clinical applications as their greatest security concerns – so much so that 97 percent say that HIPAA and HITECH Act regulations are driving their organization’s purchasing decisions. Seventy-four percent, meanwhile, say their organization will spend more on security in 2010 than it did in 2009.
via Data breach prevention top of mind for healthcare IT decision makers (WTN News).
This week Visa Inc. said it’s going to reduce unnecessary storage of sensitive card information in merchant payment systems. Specifically, Visa is clarifying that existing operating regulations ensure acquirers and issuers allow merchants to present a truncated, disguised or masked card number on a transaction receipt for dispute resolution in place of the full 16-digit card number.
“By reducing the amount of vulnerable data in merchant systems that must be protected from compromise, merchants can see greater security as well as more streamlined compliance needs,” said Visa’s Eduardo Perez, head of global payment system security, in a statement.
The Federal Trade Commission (FTC) has once again pushed back its enforcement deadline for an identity theft –lated regulation called the Red Flags Rule.
The rule requires financial institutions and other organizations that extend consumer credit to develop and implement written policies for detecting and preventing identity theft.
via FTC pushes back identity theft rules deadline — for fifth time.
The American Medical Association (AMA) and the American Osteopathic Association (AOA) today filed a lawsuit against the US Federal Trade Commission (FTC) to prevent the agency from subjecting medical practices to identify-theft regulations called “Red Flags Rules.”
via AMA and AOA Sue Federal Trade Commission to Exclude Physicians From “Red Flags Rules”.
In a notice published Tuesday in the Federal Register, OCR spells out ways in which it will use information reported via a computer system called the Program Information Management System. The American Recovery and Reinvestment Act tightens HIPAA regulations to require healthcare organization to report breaches that may cause direct harm to the affected patients.
via OCR sets rules for sharing HIPAA breach information – FierceEMR.
How one uses the cloud is most dependent how compliant you intend to be. Once you understand the individual compliance regulations and specific requirements, it’s likely that you (and your data) can live comfortably on the cloud.
… When we asked the 379 respondents to our InformationWeek Analytics survey on regulatory compliance how many requirement sets their organizations are addressing, the No. 1 answer was four or more, at 35%.
via Comply And/Or Die: Conforming With Multiple Regulations — Compliance — InformationWeek.
Some DAM products provide features for privileged-user monitoring and basic database auditing, two areas that have historically been underserved. Need more? The use of DAM technology is starting to be considered an essential control when demonstrating compliance with industry regulations and standards that require regular review of logs — a category that includes PCI DSS, HIPAA, the Gramm-Leach-Bliley Act, FISMA, and Sarbanes-Oxley.