Group items tagged

Legislation to reform the Federal Information Security Management Act of 2002 will be introduced in the Senate on Tuesday, a Senate staffer who helped draft the bill told a panel at the RSA Conference in San Francisco on Thursday. Erik Hopkins' presentation provided further evidence that the White House could assume greater control in coordinating federal government security. In the panel - The New FISMA: Security Finally Transcends Compliance - Hopkins offered a diagram illustrating the bill that showed a cyber office reporting directly to the president. Hopkins, who works for the Senate Committee on Homeland Security and Governmental Affairs, was the third federal official addressing conference attendees to suggest the White House will be given more authority in safeguarding federal government information systems. On Wednesday, Obama administration cybersecurity advisor Melissa Hathaway - who last week submitted to the president an assessment of federal cybersecurity policy - said the White House must lead federal government cybersecurity efforts. A day before, National Security Agency Director Keith Alexander said NSA would not lead the nation's cybersecurity efforts, suggesting a greater role for the White House. Hopkins said the benefits of FISMA reform includes improved coordination of security efforts, better economies of scale and greater situational awareness of security threats such as knowing where they originate and how the government will respond.

Following complaints from Republicans, the White House has shut down a two-week-old e-mail tip line launched to take reports from citizens of "disinformation about health insurance reform." "An ironic development is that the launch of an online program meant to provide facts about health insurance reform has itself become the target of fear-mongering and online rumors that are the tactics of choice for the defenders of the status quo," wrote White House new media director Macon Phillips in announcing the change. "The White House takes online privacy very seriously," he added. The e-mail tip line, flag@whitehouse.gov, was launched Aug. 4 as part of the White House's Health Insurance Reform Reality Check effort, a campaign-style rapid-response effort reminiscent of the war room Obama for America launched in the summer of 2008 to fight online rumors about the then-senator's patriotism and religion. But coming from the head of state, rather than a political candidate, the new effort quickly sparked concern among Republicans about the propriety of government collecting information on private citizens' political speech.

Reform legislation is expected to be introduced this spring to update the Federal Information Security and Management Act, known as FISMA. A major complaint about FISMA is that complying with its rules does not necessarily guarantee departmental and agency information systems are secure. In this exclusive interview, Sen. Tom Carper, chairman of the Senate Subcommittee on Federal Financial Management, Government Information, Federal Services and International Security, discusses: Key provisions in the bill to improve ways to measure and determine the security of federal government information systems; Efforts to create a government-wide Chief Information Security Officer Council; His views on the most pressing cybersecurity challenges facing the nation: identity theft and the viability of financial institutions and threats by foreign nations to federal information systems.

New rules will protect consumers, harmonize regulation, and enshrine net neutrality. But a late amendment left the legislation in limbo The European Parliament has voted through a massive tranche of reforms for the European telecommunications sector, including a significant net-neutrality amendment. The 'Telecoms Package' of laws was voted into force on Wednesday with a large majority, and must now be ratified by the Council of Telecoms Ministers. The vote marks the first time that internet access has been recognised in European law as a fundamental right on a par with freedom of expression. The legislation also compels European telecoms and internet service providers (ISPs) to notify their customers of any personal data breaches, the first time they have been required to do so.

"A new study from the Pew Charitable Trust has found that every one of the credit cards offered by the country's 12 largest credit card issuers are bad deals for consumers and have practices the Federal Reserve has defined as "unfair or deceptive." The Trusts' Health Group's Safe Credit Cards Project, titled STILL WAITING: "Unfair or Deceptive" Credit Card Practices Continue as Americans Wait for New Reforms to Take Effect also compared credit union card programs and found them sharply better. "Although credit unions control only a small portion of credit card outstandings, comparisons between credit union and bank product models illustrate options available to consumers and potential benchmarks for future regulatory rulemaking efforts," the organization said. The observed credit unions presented a distinct alternative to credit card pricing and other practices of the observed banks, the report said. "In July 2009, median advertised interest rates on cards from the 12 largest credit unions were between 9.90 and 13.75% annually, depending on a consumer's credit profile-approximately 20% lower than comparable bank rates," the report said. "Meanwhile, credit union penalties were generally less severe than those of banks." "

As health care providers determine how they will take advantage of the $19 billion allocated in the stimulus package to help jumpstart advances in health information technology (HIT), consumer appetite for electronic health records (EHRs), online tools and services is also growing, according to the results of the 2009 Deloitte Survey of Health Care Consumers (www.deloitte.com/us/2009consumersurvey). While only 9 percent of consumers surveyed have an electronic personal health record (PHR), 42 percent are interested in establishing PHRs connected online to their physicians. Fifty-five percent want the ability to communicate with their doctor via email to exchange health information and get answers to questions. Fifty-seven percent reported they'd be interested in scheduling appointments, buying prescriptions and completing other transactions online if their information is protected. Technologies that can facilitate consumer transactions with providers and health plans, like integrated billing systems that make bill payment faster and more convenient, are also appealing to nearly half (47 percent) of consumers surveyed. The survey of more than 4,000 U.S. consumers 18 and over was released today at the Healthcare Information and Management Systems Society (HIMSS) Annual Conference held in Chicago. It is the second annual study examining health care consumers' attitudes, behaviors and unmet needs conducted by the Deloitte Center for Health Solutions offering health care industry leaders and policymakers a timely look at how health care consumerism is evolving. "Consumers are increasingly embracing innovations that enhance self-care, convenience, personalization and control of personal health information," said Paul H. Keckley, Ph.D., executive director, Deloitte Center for Health Solutions. "Consumers want a bigger say in their health care decisions. Consumer demand for HIT and its potential impact on reforming the system has never been stronger." Despite strong con

The Senate and House appear headed for a clash over competing visions of how to protect the privacy of patients' electronic medical records, with the House favoring strict protections advocated by consumer groups while the Senate is poised to endorse more limited safeguards urged by business interests. President Obama has called creation of a nationwide system of electronic medical records fundamental to health-care reform, and both chambers of Congress have included about $20 billion to jump-start the initiative as part of their stimulus bills. But as with much in the stimulus package, it is not just the money but the accompanying provisions that groups are trying to influence. The effort to speed adoption of health information technology has become the focus of an intense lobbying battle fueled by health-care and drug-industry interests that have spent hundreds of millions of dollars on lobbying and tens of millions more on campaign contributions over the past two years, much of it shifting to the Democrats since they took control of Congress. At the heart of the debate is how to strike a balance between protecting patient privacy and expanding the health industry's access to vast and growing databases of information on the health status and medical care of every American. Insurers and providers say the House's proposed protections would hobble efforts to improve the quality and efficiency of health care, but privacy advocates fear that the industry would use the personal data to discriminate against patients in employment and health care as well as to market the information, often through third parties, to generate profits.

As the National Security Council works on its comprehensive review of federal cybersecurity programs for President Obama, it is going to great lengths to consider privacy and civil liberty issues, some Congress members said Thursday. The House Cybersecurity Caucus on Thursday met with Melissa Hathaway, the acting senior director for cyberspace for the National Security and Homeland Security Councils, who is conducting for the administration a 60-day cybersecurity review. Rep. James Langevin (D-R.I.), co-chair of the House Cybersecurity Caucus, said Hathaway has been meeting with privacy and civil liberties groups to receive their input on how to reform cybersecurity. Those issues are "a forethought rather than an afterthought," he said. "Because these are such powerful tools (to grant federal authorities to regulate cyberspace), we're going to have to have the buy-in of the public and have their support." While the Senate is working on its own plan for White House-run cybersecurity efforts, Langevin said Hathaway's assessment may ultimately suggest a strategy with a stronger emphasis on inter-agency efforts. Langevin said it is still unclear whether Hathaway will recommend that a new office for cybersecurity should be created within the Executive Office of the President--a move some senators are pushing for. Certainly, though, policy will have to come from the White House. "This is going to have to be an ongoing strategy of collaboration and cooperation directed out of the White House," Langevin said. "But there won't be one king, so to speak, at the end of the day. The chief information officers at the departments and agencies are still going to have a role to play."

Industry Insiders Discuss HIT and HIPAA Issues March 30, 2009 by Astrid Fiano, Writer A significant part of President Obama's health care reform agenda is the push for implementing more health care technology. In the health care field privacy is always a major concern, and was the impetus of the Health Insurance Portability and Accountability Act of 1996--protecting the privacy of individually identifiable health information in all formats, and the confidentiality provisions of the Patient Safety Act--protecting identifiable information being used to analyze patient safety events. So those in the health care industry now wonder will the Administration's focus on health IT (HIT) present more challenges to privacy concerns? As part of a continuing focus on HIT issues, DOTmed interviewed industry expert Kirk J. Nahra, a partner in the Washington D.C. legal firm of Wiley Rein LLP, specializing in privacy and information security for the health care and insurance industries, and named an expert practitioner by the Guide to the Leading U.S. Healthcare Lawyers. DOTmed also interviewed Lise Rauzi, Vice President, Training Development, for Health Care Compliance Strategies (HCCS). HCCS provides online training compliance for employees. Nahra notes that regardless of the rising concern over privacy and the new HIT legislation, there have already been formal HIPAA security rules on electronic information in place for several years--the health care industry compliance has just been inconsistent. The problem -- to the extent there is one -- is that HIPAA rules are process-oriented, Nahra explained. The rules don't tell an entity what to do, but rather what to evaluate--a standard set of questions, but without a standard set of answers. For example, a covered entity has to have an internal audit, but the rules do not tell the entity how best to carry out that internal audit. Not surprisingly, different businesses have different ideas on how to implement their HIPAA evaluations

"As Congress makes headlines on healthcare and financial industry oversight reform, online data privacy watchdogs are hammering away behind the scenes on the Hill. A joint hearing on online and offline data collection scheduled for later this week, and a planned series of Federal Trade Commission data privacy events have advocacy groups from as far away as California visiting Washington to make sure their voices are heard. "What we're concerned about is the amount of surveillance and tracking going on without consumer consent," said Lee Tien, senior staff attorney at the San Francisco-based Electronic Frontier Foundation. Though often skeptical of government regulation, EFF recently joined lobbying groups including Center for Digital Democracy in recommending that Congress pass clear consumer privacy legislation. "

"Bankers are playing with fire by increasing risk when taxpayer tolerance with financial bailouts has worn perilously thin, the International Monetary Fund warned. Managing director Dominique Strauss-Kahn reckons bankers may be in the throes of a "Mardi Gras" party of renewed speculation ahead of a looming regulatory crackdown. Yet the return of their old habits is dangerous. If a new financial crisis occurred in a few years" time, the public would be unwilling to support another round of massive bailouts, he told the Confederation of British Industry. Democracy itself could be threatened if banks went back to taxpayers with their caps in their hands. "In an atmosphere of increasing optimism, we see signs of old habits coming back. Risk-taking is on the rise," said Strauss-Kahn. "Right now, regulatory uncertainty is throwing up some perverse incentives. For example, it might be encouraging a risk-taking culture -- a Mardi Gras effect whereby financial institutions party now in expectation of lean times to come. "Clearly, this is dangerous, not least for emerging markets. And we may run out of time -- if we wait too long to implement these reforms, it might be too late." A second wave of rescues may simply not get through national legislatures, he added: "The political reaction would be very strong, putting some democracies at risk." IMF figures show the aftershocks of the 2008 crisis are far from over, with firms recognising only half of their losses worldwide. Yet despite the fragility of the financial sector, there is mounting evidence that traders are making hay before tougher regulatory standards come into force. Investment banking profits have soared this year, as firms make the most of ultra-low interest rates, money-printing operations and huge government bond issuance programmes. Strauss-Kahn argued countries need to act quickly to remove "regulatory uncertainty" -- ensuring bankers do not make the most of the current confusion over future standards