This article takes a look at the American Recovery and Reinvestment Act (ARRA) of 2009, which made significant changes to the privacy and security regulations outlined in the Health Insurance Portability and Accountability Act (HIPAA) as well as the Health Information Technology for Economic and Clinical Health (HITECH) Act. The ARRA imposes substantial modifications in four main areas: 1) HIPAA statutory requirements; 2) increased enforcement of HIPAA; 3) provisions to address health information held by entities not covered by HIPAA; and 4) other changes, including administrative changes, studies, reports and educational initiatives. This article takes a look at the modifications the ARRA made to HIPAA [...]

IAM systems have evolved significantly over the last fifty years. Their range of functions has increased, and IAM services now boast numerous advantages. This article defines IAM systems and takes a look at the functions and components of IAM [...]

The PCI DSS (Payment Card Industry Data Security Standard) was developed in 2004 by Visa, MasterCard, American Express, and other payment card industry stakeholders in order to prevent credit card fraud. This article takes a look at the “digital dozen” that make up this standard. [...]

The 2010 Benchmark Study on Patient Privacy and Data Security, conducted by the Ponemon Institute, revealed that data breaches were costing hospitals across the US up to $6 billion each year. Breaches of patient information go largely undetected by the organization, due to a lack of priority, resources, preparation and staffing for privacy and security [...]

This article looks at the processes of de-identification, or anonymization, of personal information. It also examines how developments in re-identification can use anonymous information to identify individuals, underscoring the shortcomings of anonymization [...]

While understanding privacy law and how it should be implemented is important, it is equally important to know how such laws are enforced and investigated by the U.S. Government. The following case explains the corrective action the Office of Civil Rights under the Department of Health and Human Services was forced to take to ensure compliance of a covered entity that had significantly and repeatedly violated the Privacy Rule of HIPAA. Following reports of improper disposal of personal health information (PHI), the OCR launched an investigation into the information practices of CVS Entities in September 2007. Their review found the following: Between [...]

The Health Insurance Portability and Privacy Act was passed in 2003. Since then HIPAA has become one of the most consistently enforced privacy laws to date. Enforcement falls largely to the Department of Health and Human Services' Office of Civil [...]

HIPAA is a sectoral law that was first developed in 1996 to enact several changes in the healthcare industry. Among these changes are a security rule and a privacy rule which protect personal health [...]

Online assurance programs were created to independently regulate information privacy and build consumer trust, especially with regard to Internet transactions. These programs play a big role in countries, like the United States, which rely on industry self-regulation rather than strong government oversight to ensure the protection of consumer [...]

If asked to identify the point in the information lifecycle at which data is often most vulnerable, most people would not say “Destruction.” Destruction itself is a simple concept. After personal data, or technology storing personal data, is no longer useful, it is discarded. However, completely erasing data from existence is not that easy. Computer files are particularly difficult to destroy. Furthermore, with the increasing use of cloud computing services, more and more personal data is being stored on third-party servers, where the information controller has to trust their provider to remove the information when requested. Control over the deletion and destruction of data is taken out of the data controller's and the data subject's hands. The problems associated with proper disposal make the destruction of data one of the times personal information is most likely to be at risk of unauthorized access. Because of this, data destruction remains an important privacy issue discussed among professionals in the industry [...]