A laptop stolen from an employee of Accretive Health last year was not encrypted "due to the oversight of an individual IT employee," the company says in a 29-page comment letter sent to Sen. Al Franken, D-Minn. That employee subsequently was fired, the company reports.
Federal regulators have received hundreds of comments about proposed rules for Stage 2 of the HITECH Act EHR incentive program, sparking debate on many issues, including how to provide patients with prompt, secure access to their records.
Post-breach, organizations must have a full grasp on what happened - and convey that message consistently. Too often, that's not the case, says attorney Ronald Raether. What steps must organizations take?
The social network Myspace has settled with the Federal Trade Commission over misrepresenting its privacy policies by sharing personally identifiable information with advertisers without first getting permission from users.
Even with security information and event management systems, organizations labor to separate normal log data from actionable events, according to the latest Log and Event Management Survey from the SANS Institute.
The web-services protocol developed by the National Institute of Standards and Technology allows desktops, laptops, e-tablets and smartphones to access sensors that capture biometric data such as fingerprints, iris and face images.