<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<rss version="2.0">
<channel>
  <title>ComplianceHome: HIPAA Resources</title>
  <link>http://www.compliancehome.com/</link>
  <description>ComplianceHome is one of the Web's largest libraries of resources for compliance management of HIPAA, SOX, FISMA, GLBA, FDA, COOP &amp; COG, FFIEC, Basel II, OSHA and ISO 27002/17799. Visit our directories which are the best source on White papers, related news articles, resources on the web, training, webinars, conferences, rules &amp; regulation overview, ask the expert, job and search on vendors, solutions &amp; products.</description>
<image>
  <url>http://www.compliancehome.com/images/rsslogo.gif</url>
  <title>ComplianceHome</title>
  <link>http://www.compliancehome.com/</link>
</image>
  <language>en-us</language>
  <item>
    <title>Hospitals Struggle With Access Control</title>
    <pubDate>Mon, 05 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13679.html</link>
    <description>A study found that 64 percent of respondents said the issue is the top security concern. Despite increased awareness of access control issues, healthcare providers continue to struggle with security and compliance related to user access, according to the results of a survey conducted at the Health Information Management and Systems Society 2008 conference in February. The survey, conducted by enterprise provisioning and access control software vendor Courion at the show Feb. 24-28, revealed that 64 percent of respondents cited controlling user access to clinical systems as their top IT security concern.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13679.html</guid>
  </item>
  <item>
    <title>Health Insurer's SIM Eases HIPAA Compliance</title>
    <pubDate>Mon, 05 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13678.html</link>
    <description>Collecting millions of security incident alerts without the manpower to interpret them doesn't do much to improve security. Just ask health insurer Priority Health, whose security staffers had been drowning in alerts from the firm's firewalls, intrusion detection system (IDS), and system logs, trying to separate real threats from the false alarms. Priority Health, which has 500,000 customers, was getting frustrated with the time-consuming and tedious process -- as were its auditors. So the firm, which provides health care insurance to 100 acute-care hospitals and over 12,000 doctors and other health care providers in Michigan, had to better integrate its security tools and the data it was generating. HIPAA-compliance pressure was on, too: "Because of emerging HIPAA reporting regulations regarding log activity, we needed to monitor the activity on our systems and network more closely than we had in the past," says Tim Maletic, information security engineer at Priority Health. Priority H</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13678.html</guid>
  </item>
  <item>
    <title>6,000 UCSF patients' data got put online</title>
    <pubDate>Mon, 05 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13677.html</link>
    <description>Information on thousands of UCSF patients was accessible on the Internet for more than three months last year, a possible violation of federal privacy regulations that might have exposed the patients to medical identity theft, The Chronicle has learned. The information accessible online included names and addresses of patients along with names of the departments where medical care was provided. Some patient medical record numbers and the names of the patients' physicians also were available online. The breach was discovered Oct. 9, but the medical institution did not send out notification letters to the 6,313 affected patients until early April, nearly six months later. The consequences of health care data breaches can be significant, said experts. Sensitive information can be used by employers, health insurers and other entities to discriminate. Additionally, thieves can use purloined information to obtain medical treatment and prescription drugs and to file false medical claims.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13677.html</guid>
  </item>
  <item>
    <title>How to Choose a Personal Health Record</title>
    <pubDate>Mon, 05 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13676.html</link>
    <description>YOU MAY FEEL confident enough to pay your bills and do your taxes online, but what about posting and maintaining your entire medical history? That's a question many consumers will face as a growing number of employers, health insurers and other companies begin offering personal health records, or PHRs. These electronic records serve as a repository for an individual's medical history. For a cost of up to $200 (although many are free), PHRs will keep track of the doctors you've visited and the medications you've taken, as well as your allergies, cholesterol level, immunizations and even your family's medical history. You, and anyone else you grant permission to, can access all of the information via the web.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13676.html</guid>
  </item>
  <item>
    <title>Bioterrorism Surveillance and Privacy: Intersection of HIPAA, the Common Rule, and Public Health Law</title>
    <pubDate>Mon, 05 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13675.html</link>
    <description>Governing the flow of protected health information between research organizations and public health surveillance organizations creates many questions concerning each party's legal and ethical responsibilities, particularly in a suspected epidemic. The Health Insurance Portability and Accountability Act (HIPAA) as well as the Common Rule, which promulgates rules for protecting study participants in federally sponsored research programs, provide regulations safeguarding protected health information. Both HIPAA and the Common Rule are focused toward the individual and mandate compliance nationwide. Public health law, however, is focused on the well-being and safety of the entire population. Unlike HIPAA, public health law is legislated by individual states rather than by the federal government and has no unifying mechanism for balancing privacy rights against public safety. The proper interaction between and appropriate application of HIPAA, the Common Rule, and public health law during a</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13675.html</guid>
  </item>
  <item>
    <title>Touchpaper(R) Announces IT Asset and Computer Lifecycle Management Solution with New Version of IT Business Management (ITBM) Suite</title>
    <pubDate>Fri, 02 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13668.html</link>
    <description>olution with New Version of IT Business Management (ITBM(TM)) Suite 29/04/2008 13:00:00 Business Wire eco-friendly goals of an organization.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13668.html</guid>
  </item>
  <item>
    <title>7 dirty secrets of the security industry</title>
    <pubDate>Fri, 02 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13667.html</link>
    <description>Corporate IT executives need to beware the seven dirty secrets of the security industry that can undermine the safety of business networks, a security expert told attendees at Interop Las Vegas.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13667.html</guid>
  </item>
  <item>
    <title>Agency discovers private patient information on Internet</title>
    <pubDate>Fri, 02 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13666.html</link>
    <description>All it took was a quick Internet search to yield private medical information on more than two dozen Rio Grande Valley children. Until Thursday, the Web site of a children's rehabilitation clinic had a link to spreadsheets containing the full names, phone numbers and insurance status of about 25 patients. The information was in a backup folder linked to the Web site, not on the site's main page. But a link to the data pops up in a search using Google. An employee at a federal health agency discovered the information during a routine Internet search, and tried to alert the clinic, as well as a reporter.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13666.html</guid>
  </item>
  <item>
    <title>Recent Medical Privacy Breaches Could Disrupt EHR Adoption Efforts</title>
    <pubDate>Fri, 02 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13664.html</link>
    <description>A recent series of privacy breaches involving medical records at NIH, the University of California-Los Angeles Hospital System, Johns Hopkins University and others could undermine the health care industry's efforts for widespread adoption of electronic health record systems, the Wall Street Journal reports. The number and array of hospital employees who can quickly access EHRs has raised concerns about patient privacy protections, but hospitals are reluctant to restrict access too tightly to avoid creating obstacles to care delivery, especially in emergencies. Nonetheless, Johns Hopkins has added encryption software to its computers and increased employee education efforts about privacy, while UCLA plans to roll out changes that limit what kind of information in a patient's record hospital employees can access.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13664.html</guid>
  </item>
  <item>
    <title>Security proving a secure market</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13646.html</link>
    <description>The security market continues to grow unabated, and with new business areas frequently arising, along with the increasing amounts of data that companies amass (and the growing legislation requiring them to keep it secure), there seems little chance of things slowing down. A review conducted by IDC has estimated that over 80 percent of all security software in Australia and New Zealand was sold through the channel in 2007. Senior analyst for security solutions, Patrik Bihammar, confirms that the channel is crucial to the security vendor community as it is the frontline of understanding customer needs as they often own the customer relationship. "Unlike the enterprise market in which vendors can closely manage the relationships with their largest clients, the majority of SMBs are managed indirectly through partners," he said.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13646.html</guid>
  </item>
  <item>
    <title>Privacy, shmivacy: How many people can see your medical records?</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13642.html</link>
    <description>Hospital or first-time doctor visits all start with the same clipboard. Use it to fill out sensitive personal information and scrawl a signature on the dotted line after several pages of legal jargon. That information may not be securely stored away, however. Recent scandals reveal security breaches in the medical records of celebrities such as Britney Spears, George Clooney and Farrah Fawcett. So what about us non-celebrities? How secure is our personal information? "Not very" may be the answer, experts say. They cite information leaks, relaxed federal controls and medical records programs operating over the Internet as potential culprits.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13642.html</guid>
  </item>
  <item>
    <title>States Continuing with Health Information Exchange Work</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13641.html</link>
    <description>Following Pennsylvania's announcement last week about the creation of a state health information exchange (HIE), several other states have announced plans for HIEs, as well, including one in Maryland and further grant money for one in New York state. Pennsylvania Gov. Edward G. Rendell signed an executive order recently creating the Pennsylvania Health Information Exchange (PHIX), which establishes a framework that will give health care providers improved access to clinical data and lead to safer and more efficient patient-centered care, according to state sources. The initiative is part of the Governor's Prescription for Pennsylvania health care reform plan.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13641.html</guid>
  </item>
  <item>
    <title>Former UCLA Health Employee Charged With Selling Celeb Records To Media</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13640.html</link>
    <description>Prosecutors have accused an administrative assistant of illegally accessing UCLA Medical Center patients' health records and selling celebrities' private health information to a national media outlet. The accusations appeared in an indictment that was unsealed Tuesday in U.S. District Court in Los Angeles. The indictment states that the former employee, Lawanda Jackson, 49, accessed and transferred the protected information in May 2007 in exchange for at least $4,600 worth of checks that were made out to her husband. The document does not state whose information was breached or which media outlet paid for the information. The Los Angeles Times linked the indictment to stolen records on Maria Shriver and Farrah Fawcett. The hospital has said that 61 celebrities' records have been illegally accessed and that it fired 13 employees because of the problem. Another six employees faced discipline and six doctors were under investigation. The hospital also said it strengthened its privacy prot</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13640.html</guid>
  </item>
  <item>
    <title>McAfee CEO: Threats Too Complex For Single Product Solutions</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13639.html</link>
    <description>These days in the IT security world there is more of everything. More devices. More compliance regulations. More data breaches. And certainly more malware and malicious threats. And in an era where there's more of everything, companies should start to think about reducing the number of appliances to tackle these threats without compromising business productivity and performance. That was the overriding message imparted by McAfee President and CEO Dave Dewalt in an afternoon keynote during Interop Las Vegas 2008 on Wednesday. With the maelstrom of security threats and regulations facing companies every day, Dewalt said,</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13639.html</guid>
  </item>
  <item>
    <title>Blood center follows HIPAA regulations</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13628.html</link>
    <description>Miller-Keystone Blood Center appreciates the opportunity to clarify a concern that has arisen from the April 6 article, ''Phone call brings instant family for Valley man.'' While stating that recently reunited brothers Marlin Bozes of Allentown and Albert Strawbridge of Pen Argyl often donate blood together, the author wrote that ''a former employee of the Miller-Keystone Blood Center looked up both men's donation histories and found they'd both been there on the same day in 1998, each unaware of the other's identity.'' This statement is inaccurate. The employee who discovered a connection in 1998 was Marlin's wife, Deborah, who is still an employee of Miller-Keystone Blood Center. In her role as a scheduler, Deborah is required to not only schedule donors, but to greet individuals at our donor center, and to pre-screen them to ensure they are currently eligible to donate blood.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13628.html</guid>
  </item>
  <item>
    <title>Medical Data Breaches Put Patients at Risk</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13627.html</link>
    <description>Doctors can't cure the common cold and health care IT managers apparently can't stop the common data breach. Twenty-one of the 101 breaches tracked so far this year by information security group Attrition.org occurred at health care organizations. For example, insurer WellPoint said in early April that lax security on two servers run for it by a vendor likely exposed on the Internet some personal and medical data for 128,000 patients.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13627.html</guid>
  </item>
  <item>
    <title>Protecting Patient Data</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13618.html</link>
    <description>Patient data protection and overall safety is the No.1 priority for health care organizations of all types and sizes. Security in the health care industry must satisfy multiple constituencies -- clinicians want convenience, the IT department has to ensure security and the auditors need to know that organizations can control who is accessing critical patient data, from where and when. In addition, granting that access cannot be done at the expense of security or compliance. When HIPAA was passed in 1996, among the law's many provisions was the establishment of formal regulations designed to protect the confidentiality and security of patient information. On top of that, HIPAA security regulations require mechanisms for controlling access to patient data on health care providers' IT systems. The subsequent issue for health care organizations is that meeting these security and access management requirements is proving to be a challenge. One of the most common problems health care organizat</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13618.html</guid>
  </item>
  <item>
    <title>The Art of Data Management Compliance, Part 3: Executing Processes</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13617.html</link>
    <description>Data management rules and regulations have become a major concern for businesses, due in large part to increasing oversight that often requires organizations to invest in new technologies in order to address compliance issues. However, the promise of enterprise technologies as a solution to the demands of data management compliance will go unmet absent a context of sound policy and strategic planning. Part 1 of this three-part series discusses the major challenges associated with the extensive web of rules and regulations affecting data management. Part 2 discusses current security threats and outlines how companies can safeguard their networks against them.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13617.html</guid>
  </item>
  <item>
    <title>Genetic Data Bill Lacks Privacy Protections, Advocate Warns</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13616.html</link>
    <description>Deborah Peel, founder of Patient Privacy Rights, said the Genetic Information Nondiscrimination Act, approved last week by the Senate Health, Education, Labor and Pensions Committee, would not fully protect people from losing their jobs or health coverage because it allows insurers and employers to hold patients' electronic health information, Healthcare IT News reports. The bill would prohibit health insurers from adjusting premiums based on genetic testing, restricting enrollment or requiring genetic testing to qualify for insurance. It also would prevent employers from using genetic information to discriminate in hiring, compensation and other personnel processes, and require employers to confidentially maintain any genetic data they possess.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13616.html</guid>
  </item>
  <item>
    <title>Are Your Medical Records at Risk?</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13615.html</link>
    <description>When it comes to protecting the privacy of patients' computerized information, the main threat the health-care industry faces isn't from hackers, but from itself. In a spate of recent security lapses at hospitals, health insurers and the federal government, private information on hundreds of thousands of patients, ranging from Social Security numbers to fertility-treatment and cancer records, has been compromised. The incidents have included the theft of an unencrypted laptop from an employee of the National Institutes of Health and the inadvertent posting of personal data unsecured on the Web from insurers WellCare Health Plans Inc. and WellPoint Inc. At the UCLA Hospital System, several employees were fired or disciplined recently for sneaking peeks at Britney Spears' computerized medical files.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13615.html</guid>
  </item>
  <item>
    <title>Two-Pronged Challenge: Storing Large Amounts of Data for the Long Term</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13605.html</link>
    <description>Enterprises must find innovative ways to file archives in light of increasing compliance, productivity and cost-control needs. For the enterprises that choose to store data for decades, finding a long-term solution can be challenging, particularly as media changes. Regulatory mandates like the Health Insurance Portability and Accountability Act (HIPAA) or the Sarbanes-Oxley Act, as well as awareness about potential litigation, have already caused public companies to store data for longer amounts of time and in a secure fashion, but many enterprises are using a strategy that goes above and beyond what's simply required.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13605.html</guid>
  </item>
  <item>
    <title>Microsoft Explains HealthVault Strategy</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13604.html</link>
    <description>With comparisons to both Microsoft's Xbox platform and the PayPal online payment platform, Microsoft aims to correct common misperceptions about its HealthVault platform. Grad Conn, Healthcare and Life Sciences senior director for global consumer strategy, Microsoft, addressed attendees at Microsoft's Health and Life Sciences Developer Conference held April 22 through 24 in Atlantic City to explain that Microsoft is pioneering a new technology category with Microsoft's recent Amalga and HealthVault launches.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13604.html</guid>
  </item>
  <item>
    <title>The Art of Data Management Compliance, Part 1: Keeping Pace</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13603.html</link>
    <description>There's an alphabet soup of acronyms -- including SOX, HIPAA, GLBA and FISMA -- that enterprises must become familiar with in their effort to comply with data management regulations. Compliance with these regulations keeps them in the clear legally, and also helps them stem the tide of cyber-crime. When it comes to properly managing and protecting critical enterprise data and information resources, Corporate America is stuck between two strongly opposing forces. The U.S. is world</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13603.html</guid>
  </item>
  <item>
    <title>Beware the unmanaged risk of e-mail and IM</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13601.html</link>
    <description>According to a recent survey, 65 percent of companies lack e-mail retention policies. Only 54 percent of the corporations surveyed conduct any kind of formal e-mail policy training. One in five U.S. companies has had employee e-mail subpoenaed in the course of a lawsuit or regulatory investigation. If you need some reasons why not having an e-mail retention policy is a bad idea, just keep reading. Baseline magazine ran a piece about companies who found out the hard way that not retaining data can hit the bottom line and hit it hard. From the piece: Philip Morris USA was ordered by a U.S. District Court judge in Washington, D.C., to pay $2.75 million in fines when it came out during federal tobacco litigation in 2004 that 11 managers didn't save printouts of their e-mail messages, as per company policy. As an added punishment, those managers were barred from testifying at trial, according to the order from U.S. District Court Judge Gladys Kessler.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13601.html</guid>
  </item>
  <item>
    <title>Why hospitals want your credit report</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13600.html</link>
    <description>In a development that consumer groups say raises privacy issues, a growing number of hospitals are mining patients' personal financial information to figure out how likely they are to pay their bills. Some hospitals are peering into patients' credit reports, which contain information on people's lines of credit, debts and payment histories. Other hospitals are contracting with outside services that predict a patient's income and whether he or she is likely to walk away from a medical bill. Hospitals often use these services when patients are uninsured or have big out-of-pocket costs despite having health insurance. Hospitals say the practice helps them identify which patients to pursue actively for payment because they can afford to pay. They say it also allows them to figure out more quickly which patients are eligible for charity care or assistance programs.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13600.html</guid>
  </item>
  <item>
    <title>Simple Steps to Compliance: Archiving Electronic Messages for Competitive Advantage</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13588.html</link>
    <description>The way people communicate with each other in both personal and business contexts has changed dramatically in a few short decades. In today's virtual, paperless world, massive quantities of information can be transmitted in seconds from one location to another, anywhere in the world. As companies adopt and benefit from messaging technologies, they also struggle to define the parameters for their appropriate use. Forcing the issue are governing bodies and regulators in all industries, who have imposed strict requirements on the storage and management of messaging data in response to groundbreaking lawsuits in recent years. Organizations of all sizes are now realizing that a corporate e-mail archive is no longer a luxury, but a necessity in today's regulatory environment. What may seem an overwhelming prospect, however, should also be viewed as a key tool in creating a company's strategic advantage. More, e-mail archiving need not be daunting. Incredible growth in this market has led to </description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13588.html</guid>
  </item>
  <item>
    <title>Hospital Volunteers Can Present Special Patient Privacy Risks, Require Careful Selection and Training</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13587.html</link>
    <description>They come in all warm-hearted, eager and smiling, those volunteers who may deliver flowers to patients, help issue visitor passes to anxious loved ones and ring up purchases in the gift shop. And today, when hospital finances are stretched to breaking, volunteers are serving an even greater role on medical campuses. But if Greg Young had his way, no volunteers under age 18 would be allowed to work at Mammoth Hospital in Mammoth Lakes, Calif., where he is the privacy and security officer. He considers these youngsters</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13587.html</guid>
  </item>
  <item>
    <title>The Effect of Quality Management on Compliance with European Union GMP Standards</title>
    <pubDate>Thu, 24 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13577.html</link>
    <description>How crucial is Europe to the global pharmaceutical market? First consider that Europe, North America, and Japan comprise 80 percent of the world's pharmaceutical market. Take that statistic in conjunction with the estimation from Report Buyer, a renowned market research firm, that the Western European market alone is expected to grow to $245.3 billion by 2012. The engine that drives the European pharmaceutical market machine is, without question, the European Union (EU). With 27 member states, the EU represents the bulk of the European market. The 10 individual European markets that joined the EU in 2004 continue to show strong growth and contribute to the EU pharmaceutical market's overall strength. Pharmaceutical companies searching for further success in Europe or those wanting to capitalize on these strong growth trends by entering the European market for the first time must efficiently and cost-effectively obtain and maintain marketing authorization (MA). While individual member s</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13577.html</guid>
  </item>
  <item>
    <title>TCG addresses storage security</title>
    <pubDate>Thu, 24 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13565.html</link>
    <description>The increased growth of various storage media has occurred at a time when increased security is required for data. In some respects, the growth has caused new data security problems. With the ongoing shift away from tape-based backup toward disk-based backup/recovery, as well as the increased use of portable drives, the risk of lost or stolen data increases. Not only is data in multiple locations, including portable devices, but more people potentially have access to it. Certain organizations have more serious data security problems than others. For example, in healthcare, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) includes protection requirements for storage devices. Any activity that results in a data breach must be reported to the affected parties. Despite the considerable expense involved with a breach, the 19th Annual Healthcare Information and Management Systems Society (HIMSS) Leadership Survey reported nearly one-fourth of healthcare IT professionals </description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13565.html</guid>
  </item>
  <item>
    <title>State Health Reform: Six Key Tests</title>
    <pubDate>Thu, 24 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13564.html</link>
    <description>State legislators are increasingly focused on health care reform. Escalating health care costs, state deficits, rising numbers of uninsured, and federal inaction have forced them to take up the challenge of changing state law, restructuring flawed state health insurance markets, and overhauling existing health care financing and delivery. This often requires a special level of technical expertise and experience with health care policy. Many state legislators are committed to introducing free-market principles of consumer choice and competition into the health care system. Because the circumstances in each state are radically different, there is no neat nationally applicable formula for free-market reform.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13564.html</guid>
  </item>
  <item>
    <title>Protecting Patient Data</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13543.html</link>
    <description>Patient data protection and overall safety is the number one priority for health care organizations of all types and sizes.  Security in the health care industry must satisfy multiple constituencies--clinicians want convenience, the IT department has to ensure security and the auditors need to know that organizations can control who is accessing critical patient data, from where and when.  In addition, granting that access cannot be done at the expense of security or compliance. When HIPAA was passed in 1996, among the law's many provisions was the establishment of formal regulations designed to protect the confidentiality and security of patient information.  On top of that, HIPAA security regulations require mechanisms for controlling access to patient data on health care providers' IT systems.  The subsequent issue for health care organizations is that meeting these security and access management requirements is proving to be a challenge.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13543.html</guid>
  </item>
  <item>
    <title>Security Assessment / Audit Terms</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13536.html</link>
    <description>Security terms are sometimes confusing. And like all expressions, sometimes the definition can get subtly changed over time. An example of this is</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13536.html</guid>
  </item>
  <item>
    <title>Online Storage of Medical Records Raises Privacy Issues</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13533.html</link>
    <description>Following Microsoft and Google's intentions to enter the medical field with programs designed to store medical records, two leading researchers point out that such services don't fall under federal privacy laws. Dr. Kenneth D. Mandl and Dr. Isaac S. Kohane, physicians and researchers at Children's Hospital Boston, the primary pediatric teaching hospital of the Harvard Medical School, in an article published Wednesday in the New England Journal of Medicine say they're against the idea of huge companies merging together to host millions of confidential medical files. The thing the two doctors are concerned about is the fact that neither Google nor Microsoft has privacy policy measures that govern the confidentiality of a person's medical information, meaning that it is quite possible for files to be accessed by people who have nothing to do with them.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13533.html</guid>
  </item>
  <item>
    <title>Putting Health Records Online Brings New Challenges</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13532.html</link>
    <description>Two of the nation's leading medical researchers recently published an article that warns of new challenges that are likely to be raised when large non-medical companies, such as Google and Microsoft, become involved with the online storage of personal health records. The doctors, Kenneth D. Mandl and Isaac S. Kohane, are both researchers and physicians at Children's Hospital Boston, Harvard Medical School's primary teaching hospital for pediatrics. In their article, published in the New England Journal of Medicine, the researchers suggest the inevitability of a seismic change in the way personal medical records will be stored and accessed if they are posted online, a change bringing implications of stewardship and control issues that have yet to be addressed thoroughly. Patient medical records are currently kept within the healthcare system that generates them. This information can be shared with other entities as long as some stringent federal guidelines </description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13532.html</guid>
  </item>
  <item>
    <title>Infosecurity 2008 - IT governance critical to addressing information risk</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13519.html</link>
    <description>Information and its conduits provide the lifeblood of the modern business, writes Alan Calder of IT Governance. They provide the key to competitive advantage, improved productivity, cost reductions and general organizational effectiveness. As a result, information and IT deserve far more board-level attention than they enjoy currently, and most organizations urgently need to adopt IT governance measures to achieve proper oversight. Information technology is a critical enabler for virtually any enterprise, particularly in a knowledge-based economy, where barriers to entry are low and the speed of innovation is immense, businesses have to constantly invest in their technology and ensure its dependability. Organisations with ill-conceived or outdated systems are in deep strategic trouble or heading out of business.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13519.html</guid>
  </item>
  <item>
    <title>Requiring PHRS to be HIPAA Compliant Perpetuates a Big Lie: That HIPAA Protects Privacy</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13518.html</link>
    <description>the New England Journal of Medicine published multiple articles on Personal Health Records (PHRs). The New York Times also highlighted the warnings of two of the authors of one of the NEJM articles, Drs. Mandl and Kohane, regarding PHRs not being covered by the Health Information Portability and Accountability Act (HIPAA) (Warning on Storage of Health Records, New York Times, by Steve Lohr, 4/17/08). Each piece perpetuates a very dangerous and seldom challenged lie: that HIPAA protects your privacy. Contrary to popular belief, the P in HIPAA does not stand for privacy. Rather, HIPAA allows millions of healthcare businesses to snoop in our personal health records without our permission for treatment, payment and operations (TPO), which allows data mining, marketing and the sale of our electronic records.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13518.html</guid>
  </item>
  <item>
    <title>Siemens Healthcare Executives Recognized With New Industry Leadership Positions</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13507.html</link>
    <description>Charlene Underwood, M.B.A., director of government and industry affairs for Siemens Medical Solutions Health Services, has been elected to serve on The Healthcare Information and Management Systems Society (HIMSS) board. HIMSS members provide global leadership for the optimal use of healthcare information technology (IT) and management systems to optimize healthcare outcomes. A nationally recognized expert in the field of healthcare informatics, Underwood will use the breadth of her experience working collaboratively in diverse communities to develop and support HIMSS initiatives that leverage the value of current IT investments as the industry adopts emerging interoperability standards. This will be especially critical because of the current governmental push to increase access, improve quality and reduce the cost of care.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13507.html</guid>
  </item>
  <item>
    <title>Consumer Devices Give Storage Admins Security Headaches</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13506.html</link>
    <description>Apple's 160GB iPod Classic, introduced last September, is a music and movie lover's dream machine. But for IT departments, it's a security nightmare. That's because any employee can plug this pocket-sized USB storage device into their computer and use it to steal vast amounts of corporate information, including mailing lists, databases, financial records and confidential customer data. Of course you don't need an iPod to steal data: 4GB USB memory sticks are cheap and ubiquitous, or, for employees intent on stealing really large amounts of data, devices like Buffalo's recently announced LinkStation Mini offer a terabyte of storage in a case that fits in the palm of the hand.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13506.html</guid>
  </item>
  <item>
    <title>Another Privacy Alarm on Health Records</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13505.html</link>
    <description>Another article has echoed concerns that new, online services that store patient records present serious privacy questions. Calling them</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13505.html</guid>
  </item>
  <item>
    <title>Finding data in an emergency</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13504.html</link>
    <description>As Kindred Healthcare CIO Rick Chapman begins to discuss storage strategies, he asks a revealing rhetorical question.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13504.html</guid>
  </item>
  <item>
    <title>Warning on Storage of Health Records</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13502.html</link>
    <description>In an article in The New England Journal of Medicine, two leading researchers warn that the entry of big companies like Microsoft and Google into the field of personal health records could drastically alter the practice of clinical research and raise new challenges to the privacy of patient records. The authors, Dr. Kenneth D. Mandl and Dr. Isaac S. Kohane, are longtime proponents of the benefits of electronic patient records to improve care and help individuals make smarter health decisions. But their concern, stated in the article published Wednesday and in an interview, is that the medical profession and policy makers have not begun to grapple with the implications of companies like Microsoft and Google becoming the hosts for vast stores of patient information.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13502.html</guid>
  </item>
  <item>
    <title>Strong Passwords Are An IT Manager's Best Friend</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13482.html</link>
    <description>In the uphill battle against enterprise security threats, a variety of issues arise that have an enormous impact on both the internal and external factors affecting a company. And while some firms may choose to focus on areas that have a direct impact on the bottom line, they would be well advised to know that simpler things such as passwords are an extremely important element in a company's security.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13482.html</guid>
  </item>
  <item>
    <title>Patient-Controlled Health Records Could Change Future of Research</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13479.html</link>
    <description>Increasing patient control of health records could dramatically change how medical research is conducted, say Children's Hospital Boston researchers. In a Sounding Board article in the April 17 issue of the New England Journal of Medicine, the researchers noted that the shift to personally controlled health records (PCHRs) will give patients and doctors easier access to records during clinical care and will also have a major impact on the conduct of biomedical research. With PCHRs, patients have Web-based access to almost all the information -- such as lab tests, diagnoses, medications and clinical notes -- in their medical records. They can decide who gets to see that information.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13479.html</guid>
  </item>
  <item>
    <title>HIPAA Training Online: Tips for Choosing a Learning Management System</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13475.html</link>
    <description>Employee training is a vital part of any business, most especially in the health care industry. Health care has one of the highest accident rates of any industry in the country. As if that weren't enough, employees must also comply with multiple government regulations, like HIPAA and OSHA. The fines for noncompliance are hefty, and can severely harm a clinic unfortunate enough to incur them. However, the idea of managing employee training has become one that you dread. Getting everybody set up to take the classes, finding instructors and videos, and keeping track of it all becomes a monumental headache. And that's probably not the only item on your to-do list. Don't let necessary employee training become a horrific headache. Online training courses have a number of advantages that can help you manage training simply and efficiently.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13475.html</guid>
  </item>
  <item>
    <title>Personal Health Records Latest Concern for CIOs</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13466.html</link>
    <description>As a growing number of patients take an increasingly proactive role in the management of their own health, sales of software programs that give users access to their personal health records are set to explode, experts say. But the impending proliferation means new responsibilities for CIOs as hospitals experiment with the programs, which can let patients upload their health data from hospitals and doctors. The IT departments at hospitals using cutting-edge programs such as Google Health and Microsoft HealthVault will have to build interfaces to communicate with those programs, known as electronic personal health records (EPHRs).</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13466.html</guid>
  </item>
  <item>
    <title>Mid-Sized Businesses and the Quest for Compliance</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13462.html</link>
    <description>Large enterprises have teams of IT admins to tackle the big task of compliance with regulations like HIPAA, SOX and PCI DSS. Mid-sized firms, however, have plenty of records to account for but not as many resources to do the accounting. Some simply resign themselves to penalties if and when they're ever audited. Some software makers, however, are beginning to address the niche.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13462.html</guid>
  </item>
  <item>
    <title>Vulnerability Management and HIPAA Compliance</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13450.html</link>
    <description>HIPAA is U.S. Public Law 104-191, the Health Insurance Portability and Accountability Act of 1996. Congress created the Act to improve health care enabled by the nation's health plans and providers. The Department of Health and Human Services mandates standards-based implementations of HIPAA by all health care organizations that create, store or transmit electronic protected health information. Non-compliance can trigger various civil penalties, including fines and/or imprisonment.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13450.html</guid>
  </item>
  <item>
    <title>Guide to effective remediation of network vulnerabilities and compliance</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13446.html</link>
    <description>Remediation of network vulnerabilities before exploits strike is the golden ideal for every organization. Proactive remediation strengthens security by removing the exploitability of assets. This is the safest of all states, and helps to ease traditional reliance as the primary protection against hackers and other network-borne threats. Documentation of regular, ongoing vulnerability remediation is also a common network security requirement of laws and regulations such as PCI, GLBA and HIPAA.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13446.html</guid>
  </item>
  <item>
    <title>Preventing medical ID theft</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13441.html</link>
    <description>Guard your medical information with your life. Otherwise, you run the risk of falling victim to identity thieves who can't wait to pretend that they're you. This is a crime you could spend years trying to climb out of. It's bad enough if someone steals your wallet and runs up your credit cards; at least you can go to the credit bureaus to clear your name. The Health Insurance Portability and Accountability Act of 1996 (commonly referred to as HIPAA) entitles you to a copy of your own medical records. But if an impostor receives care in your name, you may be denied access because those records are now mixed up with someone else's.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13441.html</guid>
  </item>
  <item>
    <title>McAfee Governance, Risk and Compliance Business Unit</title>
    <pubDate>Mon, 14 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/HIPAA/Articles/abstract13435.html</link>
    <description>McAfee officials elaborated on their plan to put a greater emphasis on IT governance, risk and compliance April 9 at the RSA Conference here. The security vendor's recently established Risk and Compliance Business Unit allows the company to focus on integrating and adding products and services to its GRC portfolio - starting with the release of McAfee Vulnerability Manager 6.5. Vulnerability Manager 6.5, which supports Windows and Unix systems, includes agent-less scanning to assist in policy compliance audits and is meant to help companies meet the requirements for compliance reporting mandated by both regulatory and industry standards.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/HIPAA/Articles/abstract13435.html</guid>
  </item>
</channel>
</rss>
