Archive for the ‘government’ Category

HIPAA Security Rule and Privacy Rule Enforcement Reportedly Going To Be Pursued In 2007

Monday, April 9th, 2007

Something that has bothered me, and many others, for a very long time is how there have been absolutely no enforcement actions for the Health Insurance Portability and Accountability Act (HIPAA) privacy rule or security rule since they went into effect. Passing a law and then not doing anything to enforce it, even after the enforcement agencies have received tens of thousands of complaints reporting noncompliance, makes the law weak and prone to disregard by covered entities (CEs) who see others getting away with noncompliance with just a, “Whoops! Sorry, we’ll try to fix that.”


Privacy Act: FTC Proposes Allowing Disclosure of PII Records to Third Parties To Assist Data Breach Response Within Gov’t Agencies

Tuesday, April 3rd, 2007

On March 29 the FTC published a proposed new routine use (72 Fed. Reg. 14814, 3/29/07) that would allow FTC records governed by the Privacy Act to be disclosed to “appropriate” persons and entities when reasonably necessary to respond to and prevent, minimize, or remedy harm resulting from a U.S. government agency data breach or compromise.


How Long Has It Been Since You’ve Done An Awareness Activity? Privacy and Security Week Starts April 8

Monday, April 2nd, 2007

Awareness activities are an important and necessary component of an effective, layered information assurance program. Too little time is spent on communicating information security and privacy requirements, threats, vulnerabilities, and other related issues within most organizations. Providing regular training and ongoing awareness activities to all personnel, along with customized training to targeted groups with unique information security responsibilities, such as call centers, sales and marketing folks, and applications and systems developers, is also very important.


What Were They Thinking!? U.S. Marshals Put The PII of Thousands of People on a D.C. Street For Anyone To Take

Saturday, March 31st, 2007

I read a lot of articles about incidents; it is hard to keep up with them all! However, one I ran across on the WUSA 9News Now site in Washington D.C. grabbed my attention.


Royal Academy of Engineering Releases Privacy Study Report: Emphasizes Importance of Engineering Security and Privacy Into Technology

Friday, March 30th, 2007

The Royal Academy of Engineering, located in London, recently released a report, “Dilemmas of Privacy and Surveillance: Challenges of Technological Change.”
I just ran across it and haven’t had a chance to review it in depth yet, but a quick scan and reading the executive summary shows some interesting thoughts.


U.S. ONDI and DOD Standardizing Security Policies

Wednesday, March 28th, 2007

The Office of the National Director of National Intelligence (ONDI) and the Department of Defense (DoD) announced they are going to standardize their information security policies.
The work on the standardization started 8 months ago.


Government Compliance: FBI Director Says USA PATRIOT Act Doesn’t Need Changes; That FBI Is To Blame for Associated Problems

Tuesday, March 27th, 2007

Today U.S. FBI Director Robert Mueller appeared before the Senate Judiciary Committee and testified that there are no problems with the USA PATRIOT Act, but that the FBI did not implement the Act appropriately.


U.S. Dept of Homeland Security Creates National Computer Forensic Institute

Monday, March 26th, 2007

On March 9 the U.S. Department of Homeland Security (DHS) announced the creation of a National Computer Forensic Institute.


Most U.S. Government Agencies Still Not E-FOIA Compliant 10 Years Following Enactment; Disregard for Laws Also Leads to Disregard for Security Requirements

Wednesday, March 21st, 2007

On March 12 the National Security Archive at George Washington University issued their report, “The Knight Open Government Survey 2007.”
Basically the study looked at how many of the 149 U.S. government agencies they surveyed were in compliance with the provisions of the Electronic Freedom of Information Act (EFOIA) here at the 10 year anniversary of the Act going into effect.
