Group items tagged

A rule requiring healthcare providers, health plans, and other entities covered by the Health Insurance Portability and Accountability Act (HIPAA) to notify individuals of a breach of their unsecured protected health information will become effective September 23, 2009. The "breach notification" regulations implement provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, which was part of the American Recovery and Reinvestment Act of 2009 (ARRA). The new "breach notification" regulations apply to HIPAA-covered entities and their business associates. HIPAA covered-entities include health plans, healthcare clearinghouses, and healthcare providers. A business associate is a person or entity (such as a healthcare benefits broker) who, on behalf of the covered entity, performs a function involving the use or disclosure of individually identifiable health information.

"Forrester often gets inquiries such as, "What requirements should we keep in mind while developing our disaster recovery plans and documents?" and, "Which strategies work best for managing our disaster recovery program once it's in place?" "

Since Obama's landmark speech on cybersecurity in May, his administration hasn't revealed much about its long-percolating plans to shore up the government's defenses against hackers and cyberspies. But privacy advocates monitoring the initiative are already raising concerns about what they know and what they don't: the details that have trickled out--including the involvement of the National Security Agency--and the veil of classified information that still covers much of the multibillion-dollar project. "It feels like the Bush administration all over again," says Pam Dixon, executive director of the World Privacy Forum. "Not enough people know the details about these programs to have a good public discussion. We all want good security of government systems, but you have to balance the cloak and dagger elements with civil liberties."

GoogleApps is an upgade to the Los Angeles computer systems security? Doesn't that explain a lot?! Google Inc. this week came swinging at critics who have cited privacy and security concerns in calling on the city of Los Angeles to rethink its plan to implement the Google Apps hosted e-mail and office applications. In an interview yesterday, Matt Glotzbach, director of product management for Google Enterprise, said the angst voiced by consumer groups and others about the Los Angeles project is overstated and based on incomplete information. In fact, he contended that transitioning the applications to Google will strengthen the security of the city's data and better maintain its privacy. "From what I know of the city's operation, this is a security upgrade," Glotzbach said. "Those who may be unfamiliar with cloud computing see this as a security risk simply because it is new and because it is something different," he said. Glotzbach said he believes that at least some of the concerns raised originated from Google's competitors. Meanwhile top managers at the Los Angeles Information Technology Agency (ITA), which oversees technology implementations in the city, yesterday said the city is still committed to implementing Google Apps. The agency insisted that provisions are in place for addressing the security and privacy issues raised by critics. A spokesman for Mayor Antonio Villaraigosa said the city council will sign off on the project only after it is assured that the privacy and security concerns have been properly addressed.

Google Inc. this week came swinging at critics who have cited privacy and security concerns in calling on the city of Los Angeles to rethink its plan to implement the Google Apps hosted e-mail and office applications. In an interview yesterday, Matt Glotzbach, director of product management for Google Enterprise, said the angst voiced by consumer groups and others about the Los Angeles project is overstated and based on incomplete information. In fact, he contended that transitioning the applications to Google will strengthen the security of the city's data and better maintain its privacy. "From what I know of the city's operation, this is a security upgrade," Glotzbach said. "Those who may be unfamiliar with cloud computing see this as a security risk simply because it is new and because it is something different," he said. Glotzbach said he believes that at least some of the concerns raised originated from Google's competitors. Meanwhile top managers at the Los Angeles Information Technology Agency (ITA), which oversees technology implementations in the city, yesterday said the city is still committed to implementing Google Apps. The agency insisted that provisions are in place for addressing the security and privacy issues raised by critics. A spokesman for Mayor Antonio Villaraigosa said the city council will sign off on the project only after it is assured that the privacy and security concerns have been properly addressed.

As protests in Iran last month drew the world's attention, the top executives at a large global industrial goods company held a teleconference to consider their options. The meeting was hastily called, but the participants were not starting from scratch. In fact, the events unfolding in the country were strikingly similar to a scenario that they had developed, along with a handful others, in a 2008 offsite meeting focused on potential changes in their competitive environment. The workshop, the output, and the eventual impact on decision making represents a perfect illustration of how so-called scenario planning techniques can be utilized to help managers navigate in complex and uncertain environments. In the meeting the industrial company held last year, executives had discussed each scenario they developed, the potential triggers for each of them, and how the company should respond to each of these situations if it were to arise. Pulling out the notes from these discussions, they already knew their options and had a view on how they would like to respond. In many ways, they were prepared -- and already one step ahead of some other companies.

Further proof that LA has it head in the clouds - A plan to overhaul the city of Los Angeles' computer system is raising concerns about the security of confidential information. The nation's second-largest city is considering dumping its in-house computer network for Google Inc. e-mail and office programs that are accessed over the Internet. But the city police union says it doesn't have enough information to determine if sensitive witness and investigation files will be secure from hackers. Google spokeswoman Aviva Gilbert says security "is built into the DNA of our products."

A plan to overhaul the city of Los Angeles' computer system is raising concerns about the security of confidential information. The nation's second-largest city is considering dumping its in-house computer network for Google Inc. e-mail and office programs that are accessed over the Internet. But the city police union says it doesn't have enough information to determine if sensitive witness and investigation files will be secure from hackers. Google spokeswoman Aviva Gilbert says security "is built into the DNA of our products."

When I initially speak with clients about, or lecture on the need for a structured organizational change management (OCM) program, a common question is whether simply having a communication plan to broadcast news about the change is a good substitute.

"In a sign that state attorneys general may be flexing the HIPAA enforcement muscle granted by the HITECH Act provisions in the Recovery Act, the Connecticut and Arizona attorneys general are investigating health plans that recently experienced data breaches that they failed to disclose for several months. Typically, state attorneys general prosecute only violations of state laws, but they now have authority to investigate and levy fines for violations of HIPAA and the HITECH Act, which requires mandatory notifications within two months of knowledge of a breach. Connecticut Attorney General Richard Blumenthal (D) has emerged as possibly the first AG to take on a HIPAA investigation, and Arizona's AG may also be pursuing a similar course. The larger of the two breaches that have come to the AGs' attention was experienced by Health Net, Inc., which lost a portable external hard drive containing seven years of data for 446,000 Connecticut residents. The lost data came from 1.5 million individuals in total, who also hailed from New Jersey and New York. Health Net reported the loss to the Connecticut AG on Nov. 19, and on the same day Blumenthal issued a scathing statement demanding answers and promising action. He specifically said he was investigating whether Health Net may have violated "federal laws," as well as his state's own data protection laws."

"Faced with increasing pressure from Washington, the Interactive Advertising Bureau launched a public service campaign on Thursday aimed at educating consumers about behavioral targeting. The online campaign, created pro bono by WPP's Schematic, features rich media banner ads with copy like "Advertising is creepy" and "Hey, this banner can tell where you live. Mind if we come over and sell you stuff?" More than one dozen publishers -- including Microsoft, Google's YouTube, and AOL -- have committed to donate a combined 500 million impressions for the initiative. The campaign comes as policymakers are questioning whether data collection by marketers violates consumers' privacy. Rep. Rick Boucher (D-Va.) has said he plans to introduce a bill that could require Web companies to notify users about online ad targeting, and in some circumstances, obtain their explicit consent. In addition, the Federal Trade Commission has criticized the industry for using dense privacy policies to inform people about behavioral targeting, or tracking people online and sending them ads based on sites visited. In a meeting with reporters Thursday morning, IAB President and CEO Randall Rothenberg said one goal of the campaign is to address regulators' concerns that consumers don't understand behavioral advertising. "

"Today, the Federal Trade Commission opened new areas of a "virtual mall" with content that will help kids learn to protect their privacy, spot frauds and scams, and avoid identity theft. The FTC Web site, www.ftc.gov/YouAreHere, introduces key consumer and business concepts and helps youngsters understand their role in the marketplace. The FTC is the nation's consumer protection agency. "YouAreHere presents practical lessons about money and business in a fun and familiar setting," said David Vladeck, Director of the FTC's Bureau of Consumer Protection. "The new content takes kids behind the scenes to raise their awareness of advertising and marketing, pricing and competition, fraud and identity theft. At the FTC's online mall, visitors play games, watch short animated films, and interact with customers and store owners. They can design and print advertisements for a shoe store, investigate suspicious claims in ads and sales pitches, learn to identify the catches behind bogus modeling schemes and vacation offers, and guess the retail prices of various candies based on their supply, demand, and production costs. At the Security Plaza, visitors can build a social networking page and see the unintended consequences of posting personal information. They also get tips on how to keep their computers safe while they're online. In the arcade, visitors can play Info Defender 3 and protect Earthlings from Cyclorian invaders who would steal their identities. The game teaches the importance of protecting personal information, including Social Security numbers. For parents and teachers, the site offers detailed fact sheets with ideas for related activities. Teachers can use the site to complement lessons in consumer economics, government, social studies, language arts, and critical thinking. The National Council for Economic Education has developed a lesson plan that prominently features YouAreHere; it is available on the Parents and Teachers page. "

"A privacy watchdog's criticisms of Facebook appear to have captured the attention of the Federal Trade Commission. In a letter dated Jan. 14, David Vladeck, head of the FTC's Bureau of Consumer Protection, told the Electronic Privacy Information Center that its complaint about recent privacy changes at Facebook "raises issues of particular interest for us at this time." Vladeck added that he has asked an official to arrange a followup meeting with EPIC, but also said he can't currently confirm or deny whether the FTC has opened an investigation. FTC investigations are not public until the agency either issues a complaint or closes the matter. The FTC's consumer protection chief also said in his letter to EPIC that the commission plans to focus on privacy issues raised by social networks at the next roundtable, scheduled to be held in Berkeley, Calif. on Jan. 28. "

FTC may investigate privacy issues on FaceBook? Equal bang for the buck by identifying and educating users who post way too much personal information.

"Federal agents can examine webcam photos and other information secretly collected from students' laptops and stored in the Lower Merion School District's computer network, a judge has ruled. Acting on a request from federal prosecutors, U.S. District Judge Jan E. DuBois agreed to broaden an earlier order that limited the release of the photos to the students or their parents and lawyers. His order was signed Friday and made public Monday. FBI agents and prosecutors want to review the images to see whether any laws were broken when school district employees activated a tracking system that snapped photos and copied screen images from lost or stolen laptops. Lower Merion school officials have acknowledged poor planning and oversight led the tracking system to capture at least 50,000 images - some showing teens or their relatives in their homes - from laptops that had already been returned to students."

Confused by the difference between privacy & security? What might your kid's laptop camera capture if it was secretly turned on by their school while searching for stolen laptops? Soon the FBI will be able to tell you.

"It's one of the newest and most popular stops on the Washington, D.C. tour, and its artifacts of history leave clues for how information security professionals should approach their future. The International Spy Museum has just celebrated its 7th year and its 5 millionth visitor, says Executive Director Peter Earnest, a former CIA officer who's run the museum since its inception. In an exclusive interview, Earnest discusses: the museum's goals and growth plans; who visits the museum and what they get from the experience; lessons to be learned by today's information security professionals. Earnest is a 35-year veteran of the Central Intelligence Agency (CIA). He served 25 years as a case officer in its Clandestine Service, primarily in Europe and the Middle East. He ran intelligence collection and covert action operations against a range of targets including Soviet Bloc representatives and Communist front organizations. As Museum director, he has played a leading role in its extraordinary success as a Washington attraction. He edits the Museum's book ventures and has frequently been interviewed by the major media in radio, TV, and the press on current intelligence issues."

"Nearly every practicing doctor in the United States is being warned that their identities might have been stolen when the laptop of an employee of an insurance trade group was snagged from a car in Chicago. The laptop contained business and personal information such as Social Security numbers, addresses and certain identification numbers on the laptop of an employee from the Chicago-based Blue Cross and Blue Shield Association, a trade group for the nation's Blue Cross health insurance plans. The association confirmed that an employee "broke protocol and transferred to a personal laptop" information that was stolen in late August. No patient information was on the database, and so far, no doctor has reported a security breach. However, nearly 20 percent of the doctors listed in the database have their Social Security numbers as their medical-care provider identification, putting these health professionals at risk for identity theft, according to an article in the Chicago Tribune."

"Sun Microsystems, Inc. and Deloitte today announced a collaborative initiative to help companies develop efficient, cost-effective and sustainable technology and business processes to address their unique regulatory compliance and technology governance challenges. As part of this initiative, Sun and Deloitte today announced their plans for the Center for Technology Governance and Compliance (CTGC), which combines Deloitte's consulting and advisory services with Sun's IT management solutions and services, including its Information Lifecycle Management (ILM) and Identity Management technology portfolios. Access to the professionals and services within the CTGC is available through Sun Solution Centers. To learn more, please visit http://www.sun.com/compliance or http://www.deloitte.com/ . As a worldwide leader in network computing systems, Sun provides scalable solutions designed to protect and manage business-critical information through its lifecycle. The combination of Deloitte and Sun brings together complementary competencies to deliver a business-driven, technology-enabled framework for creating and implementing technology governance and compliance strategies and programs."

"As many as 68,000 members of CalOptima, the Medicaid plan for Orange County, California, may be at risk of identity theft and fraud after several CDs containing their personal information disappeared while in transit, the agency reported. "CalOptima's claims scanning vendor sent the electronic media devices to CalOptima through the U.S. Postal service by certified mail," the agency said. "On Tuesday, October 13, 2009, CalOptima discovered the apparent loss of the devices when the external packaging materials were delivered by the U.S. Postal Service without the box containing the devices." The missing discs include patient information such as names, addresses, Social Security numbers, diagnoses, and billing codes. CalOptima said it notified state and federal agencies of the breach on October 14, and posted an alert on its Web site on October 15."

Is the price to safeguard America's information systems and networks on a collision course with efforts to rescue the economy? One would hope not, but the $789 billion stimulus package that contains nearly $10 billions for IT-related projects offered very little for cybersecurity. Still, the president sees protecting government and private-sector information systems as crucial to the economic vitality of the country. So, when Acting Senior Director for Cyberspace Melissa Hathaway hands the President her recommendations on securing the nation's information infrastructure later this month, a sharper picture should emerge on how much money the government will need to spend to do just that. What Price Security? The government isn't a spendthrift in protecting its IT networks; it earmarked $6.8 billion a year on cybersecurity this fiscal year, up from $4.2 billion five years ago, according to the White House Office of Management and Budget. But is that enough? Appropriating money to find new and innovative ways to protect our critical information infrastructure doesn't seem to be a government priority, at least not yet. Of the $147 billion the government planned to spend on all types of research and development this fiscal year, only $300 million or 0.2 percent was slated for cybersecurity, according to the Securing Cyberspace in the 44th Presidency report issued by the Center for Strategic and International Studies. By comparison, the budget contained five times as much money $1.5 billion for nanotechnology R&D.

Data security represents both a new market opportunity to sell insurance coverage and a new risk - especially for independent insurance agencies that may not be compliant with data security laws or have plans in place to protect their own companies from data breaches. While data security is an evolving issue, failing to protect data can have a huge financial impact on a company. The average total per-incident cost of a data security breach was $6.65 million, compared to an average per-incident cost of $6.3 million in 2007, according to the "U.S. Cost of Data Breach Study" conducted by data protection company PGP Corp. and information management research firm The Ponemon Institute. The PGP/Ponemon study indicated that data breach incidents cost U.S. companies $202 per compromised customer record in 2008, meaning that companies incur additional costs with an abnormal churn in lost customers. More than 84 percent of data breach cases in 2008 involved organizations that had more than one data breach. And, more than 88 percent of all cases in the study involved insider negligence. The cost of lost business continued to be the most costly effect of a breach, averaging $4.59 million or $139 per record compromised. Lost business now accounts for 69 percent of data breach costs, up from 65 percent in 2007, compared to 54 percent in the 2006 study. "After four years of conducting this study, one thing remains constant: U.S. businesses continue to pay dearly for having a data breach," said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute. "As costs only continue to rise, companies must remain on guard or face losing valuable customers in this unpredictable economy." Includes video: Data Security Creating Insurance Agent Sales Opportunities

Two things to remember as you prepare to file your taxes: If you get an e-mail from the IRS, it's probably a scam. And don't forget the stamp. As the April 15 tax filing date nears, online tax-related scams tend to ratchet up, experts say. If you're not careful, you could lose a lot more than just the refund. "Filing your taxes online is extremely convenient, however if you want to maintain the privacy of your data, you need to ensure that you are connecting to the proper Web site, that the connection is using encryption, and that your computer is free from any malware. If any of these components are compromised then your data is not safe," Ryan Barnett, director of application security research for Breach Security, said on Friday. "This would be like going to an ATM machine to withdraw money and allowing everyone around you to see your PIN number as you punch it in," he added. Not only do people have to take precautions in storing and transmitting their data over the Internet, but they also have to be wary of social engineering-type ruses that scammers use to trick people into giving out their sensitive data. Probably the most common type of tax season scam is the fake IRS phishing e-mail. These e-mails will either claim to be a tax refund or an offer to help file for a refund, settle tax debt, or other aid. (Not long ago, scammers were offering economic stimulus payments, even before the plan was approved.) They will provide a link to a Web site where the visitor is prompted to type in personal data like a Social Security number. Don't trust it, experts say.

www.killdo.de.gg Most quality online stores. Know whether you are a trusted online retailer in the world. Whatever we can buy very good quality. and do not hesitate. Everything is very high quality. Including clothes, accessories, bags, cups. Highly recommended. This is one of the trusted online store in the world. View now www.retrostyler.com

U.S. lawmakers plan to introduce privacy legislation that would limit how Internet service providers can track their users, despite reports that no U.S. ISPs are using such technologies except for legitimate security reasons. Representative Rick Boucher, a Virginia Democrat, and three privacy experts urged lawmakers Thursday at a hearing before the House Energy Commerce subcommittee to pass comprehensive online privacy legislation in the coming months. Advocates of new legislation focused mainly on so-called deep packet inspection (DPI), a form of filtering that network operators can use to examine the content of packets as they travel across the Internet. While DPI can be used to filter spam and identify criminals, the technology raises serious privacy concerns, Boucher said. "Its privacy-intrusion potential is nothing short of frightening," he added. "The thought that a network operator could track a user's every move on the Internet, record the details of every search and read every e-mail ... is alarming."