Archive for December, 2006

Regulatory Compliance Actions Must Include Effective, ongoing Awareness and Training Efforts

Friday, December 29th, 2006

A great article was published on Law.com today written by Ryan Sulkin, “First Line of Defense Against Data Security Breaches: Employees.”
There are several points made that I hope business leaders read and take to heart.

(more…)

Psychotherapy Notes Fiasco and HIPAA: Bad Legislation, Bad Enforcement, or Bad Covered Entity?

Thursday, December 28th, 2006

The Pittsburgh Post-Gazette ran an interesting story today, “Spread of records stirs fears of privacy erosion.”
Basically this describes the trials and tribulations of a woman who was denied disability benefits from her insurer following a car accident because of notes made by her psychologist. Reportedly the psychologist's notes were intermingled with her general medical records.

(more…)

US SAFE WEB Act Signed Into Law Today

Tuesday, December 26th, 2006

Today the FTC announced President G.W. Bush signed the US SAFE WEB Act into law.

“Statement by Federal Trade Commission Chairman Deborah Platt Majoras On US SAFE WEB Act Being Signed Into Law by President George W. Bush
I am grateful to President Bush for signing the US SAFE WEB Act into law. The Act will help the Federal Trade Commission fight a range of practices that harm
American consumers – including fraudulent spam, spyware, misleading health and safety advertising, privacy and security breaches, and telemarketing fraud.
These practices are increasingly global in nature, and the US SAFE WEB Act will improve the FTC’s ability to cooperate with its foreign counterparts to combat them.”

(more…)

Medical Identity Theft and HIPAA

Friday, December 22nd, 2006

On Wednesday the Queens Gazette ran a report on medical identity theft.
This certainly is an issue of concern. I blogged about medical identity theft earlier this year.
Combining identity theft with unauthorized access to medical information certainly can lead to magnified repercussions beyond wrecked credit ratings and hundreds of hours spent trying to clean up all the damage a criminal can do with personally identifiable information (PII). The potential increases for further abusing and horribly impacting the involved individuals, mentally, physically and financially, by having access to their prescription information, insurance information, physician information, medical history, and everything else involved.

(more…)

Email Smack Down: Morgan Stanley Charged by NASD with Purposefully Withholding Emails

Thursday, December 21st, 2006

Today it was widely reported, including on Computerworld, that Morgan Stanley claimed millions of their emails requested for arbitration were destroyed during the 9/11 terrorist attacks. The National Association of Securities Dealers (NASD) accused Morgan Stanley of in fact having the emails on backup media the entire time.

(more…)

PCAOB Formally Proposes New Auditing Standard for Section 404 of SOX

Wednesday, December 20th, 2006

Yesterday the SEC issued a press release regarding a Public Company Accounting Oversight Board (PCAOB) proposal for a new auditing standard for Section 404 of the Sarbanes-Oxley (SOX) Act. The goal of the proposal will be to strengthen investor protection while getting rid of what is referenced as the “unduly expensive and inefficient auditing standard under Section 404.”

(more…)

Data Ransom Story: Crooks Targeting Small Businesses and Individuals

Tuesday, December 19th, 2006

Yesterday USA Today ran a report, “Cybercrooks hold PC data captive.”
This is nothing new; I blogged about this type of ransom scheme earlier this year. The crooks are getting more creative.

(more…)

HIPAA: Report Shows Most Complaints Not Investigated

Monday, December 18th, 2006

Government Health IT published an interesting report today, “Most privacy complaints are not investigated.”
From the article:

“The Department of Health and Human Services investigated less than 25 percent of 22,964 privacy complaints submitted to HHS’ Office for Civil Rights (OCR) from April 2003 through September 2006”

(more…)

Stolen Laptop: Laptop and Printouts with PII about 600 Students in Colorado

Sunday, December 17th, 2006

The Longmont, CO Daily Times reported December 14 that a nurse’s laptop was stolen from her car while she was parked at a restaurant, along with paper records containing personally identifiable information (PII): “students’ names and dates of birth; the names of their schools and what grade they are in; the students’ Medicaid numbers; and their parents’ names.”

(more…)