[email protected] (David Spiegel) writes:
> *HIPAA Summary of the HIPAA Security Rule
> https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html

after leaving ibm, did some amount of work with financial industry, including rep on standards committees ... as part of being co-author for the privacy standard ... had number of meetings with fed privacy officers ... also meeting with people behind HIPAA ... there were two that were still around who had originally drafted HIPAA back in the 70s ... and bemoaning how long it took to get passed ... and at the time, the health industry had still managed to block/delay including any penalties for HIPAA privacy&security violations.

We had to talk to HIPAA people because there were situations where monthly financial transaction statement could leak information about medical tests and procedures.

along the way, had been asked to help wordsmith the cal. state data breach notification act (1st in the nation). there were several participants heavily into privacy issues and had done detailed public surveys and found that the #1 issue was "identity theft" resulting in fraudulent financial transactions (largely as result of breaches). At the time little or nothing was being done about breaches. The issue is that entities normally take security countermeasures in self protection, however in the breach cases, the institutions weren't at risk, it was the public (and the institutions were doing a lot to obfuscate when any breaches occurred). It was hoped that publicity from breach notifications might motivate corrective action.

I was able to include in the financial privacy standard some of the work that went into the cal. breach notification legislation regarding needing to motivate institutions to protect their customers and the public privacy.

-- 
virtualization experience starting Jan1968, online at home since Mar1970
