Tag Archives: regulation

New ID theft rules may not pertain to small businesses – SC Magazine US

The rules, developed in accordance with the Fair and Accurate Credit Transactions Act of 2003 (FACTA), require financial institutions and other organizations classified as “creditors” to develop programs to identify, detect and respond to indications of identity theft. A bill passed this week would amend FACTA and exclude health care, accounting and legal practices with 20 or fewer employees from having to comply with the regulations, set to be enforced starting next month.

via New ID theft rules may not pertain to small businesses – SC Magazine US.

Feds’ Security Spending On a Roll: Over 8 Percent Growth Over Next Five Years – DarkReading

The U.S. federal government’s IT security spending will jump from $7.9 million to $11.7 billion in 2014 thanks to tightening federal security regulations, a 300 percent jump in attacks on feds’ networks and systems during the past five years, and the Obama administration’s emphasis on security, according to new data from research firm Input.

via Feds’ Security Spending On a Roll: Over 8 Percent Growth Over Next Five Years – DarkReading.

AHIMA floats privacy ‘bill of rights’ for entities outside HIPAA

The American Health Information Management Association (AHIMA) is looking to bridge what it sees as a yawning gap in health privacy protections with a seven-point bill of rights it hopes will push the healthcare industry to a “major paradigm shift” in patient privacy practices.

There are many entities that operate outside of the Health Insurance Portability and Accountability Act (HIPAA), AHIMA said, and there is a wide variance of regulations imposed by the states.

via In the News.

HHS Issues Rule Requiring Individuals Be Notified of Breaches of Their Health Information

The regulations, developed by the HHS Office for Civil Rights (OCR), require health care providers and other HIPAA covered entities to promptly notify affected individuals of a breach, as well as the HHS Secretary and the media in cases where a breach affects more than 500 individuals. Breaches affecting fewer than 500 individuals will be reported to the HHS Secretary on an annual basis. The regulations also require business associates of covered entities to notify the covered entity of breaches at or by the business associate.

via HHS Issues Rule Requiring Individuals Be Notified of Breaches of Their Health Information.

Mass. Makes Changes to ID Theft Regulations – Network World

State regulators in Massachusetts have made changes to a set of identity theft regulations.

The changes, according to a release from the state’s Office of Consumer Affairs and Business Regulation, maintain protections and also reinforce flexibility in compliance by small businesses. They were made in response to concerns among small businesses that the proposed regulations would be too costly to put in place. The updated regulations will take effect March 1, 2010.

via Mass. Makes Changes to ID Theft Regulations – Network World.

FISMA Reform: Making Room for Innovation

Just days before perpetrators executed one of the broadest denial of service attacks against federal-interest IT systems, the Government Accountability Office was on the Hill presenting its recommendations for reforming FISMA, including plans to enhance and improve testing, policy, communications, reporting and auditing.

With IT security resources so heavily invested in policy, audits and compliance reporting, where is the room for real innovation and progress?

via Government Information Security News, Regulations, White Papers, Webinars, & Education – GovInfoSecurity.com.

New proposed regulations in the US #Compliance #GRC

New legislation continues to pass at a fast clip in the US under the new administration; some of the most revealing actions taken so far include:

more at The Forrester Blog For Security & Risk Professionals.

HIPAA.com :: New Single Source Location for HIPAA & HIT Information

Several nationally recognized healthcare experts have joined forces to create HIPAA.com, a single-source resource site where visitors will find access to HIPAA regulations, American Recovery and Reinvestment Act (ARRA) updates, and practical guidance on what to do to meet new regulations.

via HIPAA.com :: New Single Source Location for HIPAA & HIT Information.

HHS offers guidance on protecting health information – Modern Healthcare

HHS issued guidance on protecting personally identifiable healthcare information by encrypting or destroying it so that it is rendered “unusable, unreadable or indecipherable to unauthorized individuals.” The 20-page document was the work of a joint effort by HHS, its Office of the National Coordinator for Health Information Technology and Office for Civil Rights, and the CMS.

The guidance was required by the stimulus package and is linked to a pair of breach-notification regulations required under the legislation. One is to be issued by HHS, and the other by the Federal Trade Commission. Previously, the FTC issued an interim rule and a request for comments covering breach notification by personal health-record vendors and other entities not covered by the privacy and security provisions of the Health Insurance Portability and Accountability Act of 1996.

HHS also requests public comments on the proposed rulemaking, due by May 21.

via HHS offers guidance on protecting health information – Modern Healthcare.