Sunday, December 5, 2004


News Item 530 InfoWorld: Tales from the data entry trenches: November 26, 2004: By Jon Udell

The ordeal begins at the registration desk, where, no matter how many visits you've made -- sometimes even on the same day -- you are required to "verify your information." Listening to someone read from a screen such facts as date of birth, address, employer, and insurer has always bugged me. But when this procedure is immediately repeated at the surgical registration desk, it becomes a flagrant HIPAA violation. Anyone within earshot is made privy to information the hospital must, by law, safeguard.

After you have been admitted, each exam room and lab requires its own consent form. They're all identical, so you wind up scribbling the same information, which you only just painstakingly verified, onto one piece of paper after another.

It's easy to mock this kind of bureaucracy, and I don't pretend that if I were king, I could bring order out of the chaos. But I do think putting people in charge of their own data entry would help.
2:03:24 PM


News Item 528 MercuryNews.com | 12/03/2004 | California to notify 1.4 million of hacking risk

SACRAMENTO - The state will spend $691,000 to mail notices to 1.4 million Californians next week alerting them that their personal information might have been accessed by a hacker in August.

The mailers represent the state's latest effort to warn those residents about an attack on a University of California-Berkeley computer. The university said in September that a hacker had gained entry to a system with names, addresses, birth dates and Social Security numbers.

The state provided the information to the university for a study of recipients and caregivers in a program assisting the sick and elderly in their homes. In all, the state sent a researcher information on 1.4 million participants of the In Home Supportive Services program. The university said information on 600,000 of those people was breached.
1:57:15 PM


News Item 527 Personal Identity Verification (PIV) Project

In response to HSPD-12, the NIST Computer Security Division has initiated a new project for Personal Identity Verification (PIV) of Federal employees and contractors. A set of Federal Information Processing standards, guidelines, recommendations, and/or technical specifications has been identified as being needed to: properly protect the personal privacy of all subscribers of the PIV system; authenticate identity source documents to obtain the correct legal name of the person applying for a PIV "card"; electronically obtain and store appropriate biometric data (e.g., fingerprints, facial images) from the PIV system subscriber; create a PIV "card" that is "personalized" with data needed by the PIV system to later grant access to the subscriber to Federal facilities and information systems; assure appropriate levels of security for all applicable Federal applications; and provide interoperability among Federal organizations using the standards.

FIPS 201, tentatively entitled Personal Identity Verification Standard, is scheduled for development and promulgation by February 28, 2005, in accordance with the HSPD-12. Supporting guidelines, recommendations, reference implementations, and conformance tests will be developed as needed to support implementers and users of the PIV standard.

A draft project narrative and project briefing slides provide a current overview of the PIV project and the anticipated PIV standard. Additional information will be available on this website as this work progresses. 


11:28:26 AM

News Item 526 Slashdot | Feds To Have Unified Biometric Federal ID System

An anonymous submitter writes "There have been rumors flying among the scientific community about a proposed standard for 'Personal Identity Verification' by the National Institute for Standards and Technology (NIST). According to the standard, all federal employees and contractors would require a 'PIV "card" that is "personalized" with data needed by the PIV system to later grant access to the subscriber to Federal facilities and information systems.' Besides the likely efficacy questions, concerns in the scientific community concern what impact this will have on our foreign collaborations (or even grad students)."
11:25:07 AM

News Item 525 

FairUCE - the Smart Email Proxy. Jestrzcap writes "This just posted on Freshmeat: FairUCE (which stands for 'Fair use of Unsolicited Commercial Email') is an SMTP proxy, running between multiple instances of Postfix, that verifies email by attempting to verify the sender through lookups (a user customized challenge/response). It claims to be able to 'stop a vast majority of spam' without the need for content filters, and 'virtually eliminates spoofed addresses, phishing, and even many viruses with a few cached DNS look-ups and a couple of if/then statements'." [Slashdot]
11:22:48 AM

News Item 524 newsobserver.com | Keeping health privacy - A chat with Mike Hubbard about HIPAA

Keeping health privacy

By JEAN P. FISHER, Staff Writer

A CHAT WITH Mike Hubbard about HIPAA

Who sees your personal medical information? If it gets into the wrong hands, who's to blame? The privacy rule of the Health Insurance Portability and Accountability Act, or HIPAA, which took effect April 14, 2003, requires physicians, hospitals and others who have daily access to private medical information to develop written policies for how they safeguard such information, and to make patients aware of such safeguards. Jean P. Fisher talked recently to Mike Hubbard, a HIPAA expert and a lawyer with Smith, Anderson, Blount, Dorsett, Mitchell & Jernigan in Raleigh.
11:19:43 AM