***************************************************** Edupage is a service of EDUCAUSE, a nonprofit association whose mission is to advance higher education by promoting the intelligent use of information technology. *****************************************************
TOP STORIES FOR MONDAY, OCTOBER 31, 2005 NIH Exposes Applicant Data Bill Addresses Security of Patient Records Banks to Upgrade Online Security Insuring Open Source NIH EXPOSES APPLICANT DATA Following a story last week in the journal "Science," the National Institutes of Health (NIH) acknowledged that information included in grant applications submitted to the agency had been inadvertently exposed online. According to the NIH, an individual who was reviewing the applications downloaded them in such a way that they were indexed by Google and were available on its site. The NIH did not say how many applications were exposed, nor did it comment on how it is dealing with the incident. The NIH said it has changed procedures to prevent such an incident from happening again. Representatives from "Science," which put the number of exposed applications at 140, accused the NIH of being slow to notify affected applicants and to provide them with specifics about when their data were exposed. The incident raises concerns about an NIH plan to migrate to an entirely online application process by 2007, a move designed to save money and streamline the application process. Chronicle of Higher Education, 31 October 2005 (sub. req'd) http://chronicle.com/daily/2005/10/2005103103n.htm BILL ADDRESSES SECURITY OF PATIENT RECORDS Rep. Nancy Johnson (R-Conn.) has introduced a bill in Congress designed to create federal standards for the protection of personal information that might be included in a national health information network. Currently, such information is subject to varying state laws, and this lack of consistency would likely be a significant roadblock to any national database of health-related data. Among the bill's provisions, it would create the position of National Coordinator of Health IT, require the Department of Health and Human Services to use consistent coding for medical procedures, and allow the distribution of technologies that would help reduce paperwork and permit the electronic exchange of information among health care providers. The e-Health Initiative, the American Health Information Management Association, and the Federation of American Hospitals are among the supporters of Johnson's bill. Other bills addressing similar issues have been introduced, but Johnson's bill might have an easier path through Congress because she is chair of the health subcommittee of the House Ways and Means Committee. Federal Computer Week, 28 October 2005 http://govhealthit.com/article91233-10-28-05-Web BANKS TO UPGRADE ONLINE SECURITY Responding to an order from federal regulators, U.S. banks have begun employing "two-factor" authentication, which must be in use by all banking institutions by the end of 2006. Credit card companies have for years used various types of authentication that go beyond passwords, but because losses to fraud in the banking industry have been less than the cost of implementing such measures, most online banking transactions still only require a name and a password. In October, the Federal Financial Institutions Examination Council, which includes regulators from groups such as the Federal Reserve and the Federal Deposit Insurance Corporation, said that banks must improve their online security by the end of 2006. Regulators will monitor banks' efforts through periodic inspections. Two-factor strategies work by correlating a security measure such as a password with a secondary factor. The other factor might be a hardware token that includes another password, software solutions that generate one-time passwords, or a check to see where a user request originates. If, for example, a user logs in from the United States one day and Europe the next, the system might ask for further evidence of identity before allowing any transactions. Wired News, 30 October 2005 http://www.wired.com/news/business/0,1367,69418,00.html INSURING OPEN SOURCE Using open source software exposes organizations to a number of risks not typically encountered with proprietary software, and a group of companies is now offering policies to address that risk. Kiln Risk Solutions, which is a division of Lloyd's of London, is working with Miller Insurance Services and Open Source Risk Management to provide coverage for the kinds of claims that have been seen in recent years over open source technologies. Claims concern issues such as copyright, whether proprietary code is included in an open source application, and failure to meet the terms of open source licenses. Linux operating systems, for example, fall under something known as the General Public License, and organizations using Linux must follow the terms of that license. In some cases, the new policies being offered for open source might cover the costs of bringing code into compliance with applicable licenses. ZDNet, 31 October 2005 http://news.zdnet.com/2100-3513_22-5924112.html ***************************************************** EDUPAGE INFORMATION To subscribe, unsubscribe, change your settings, or access the Edupage archive, visit http://www.educause.edu/Edupage/639 Or, you can subscribe or unsubscribe by sending e-mail to [EMAIL PROTECTED] To SUBSCRIBE, in the body of the message type: SUBSCRIBE Edupage YourFirstName YourLastName To UNSUBSCRIBE, in the body of the message type: SIGNOFF Edupage If you have subscription problems, send e-mail to [EMAIL PROTECTED] ***************************************************** OTHER EDUCAUSE RESOURCES The EDUCAUSE Resource Center is a repository for information concerning use and management of IT in higher education. To access resources including articles, books, conference sessions, contracts, effective practices, plans, policies, position descriptions, and blog content, go to http://www.educause.edu/resources ***************************************************** CONFERENCES For information on all EDUCAUSE learning and networking opportunities, see http://www.educause.edu/31 ***************************************************** COPYRIGHT Edupage copyright (c) 2005, EDUCAUSE