Recently Glass launched the All Hands on Deck, WE Can briefings/discussions to bolster her company's engagement and research over 3 1/2 months regarding the Affordable Health Care implementation.
Compliance, legal and regulatory policy issues are also a high priority for Glass's office. They are part of the building blocks for successful implementation of issues relating to privacy and security of internet use. They are also seen as necessary prior to the implementation of the Affordable Health Care Act - January 1, 2014.
IT/Information Technology
IT is one of the pivotal points pushed by the US Government Health and Human Services for implementation of the Affordable Health Care law. Use of computers and the internet is pitched as a primary way of promoting health care.
Glass is looking at legal and regulatory assurances at the state level of Wisconsin, and how they square with the federal HIPPA law and other federal laws around privacy and security.
Mobile Devices
MPA LLC sees putting IT in the hands of Milwaukeeans as not only clever and state-of-the-art, but helps solve the digital divide and health wellness concerns at the same time. However, like so many other things, you can seek to solve one thing but must be concern with others due to closely related issues and NEW concerns in compliance and assurances. In this case, privacy and security are big issues when dealing with mobile devices.
Privacy issues are basically, but not always, covered by HIPPA/Health Insurance Portability and Accountability Act (1996).
Health Information Privacy
The Office for Civil Rights enforces the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; and the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety.BELOW are 10 tips around "mobile security"by Ericka Chickowski.
Security risks rise with the sophistication of mobile devices.
1. Choose Devices Carefully
Not all devices are created equally when it comes to security. For example, iPods are built for general consumers not as concerned by security and is therefore less inherently secure than a BlackBerry device designed for enterprise users.
Not all devices are created equally when it comes to security. For example, iPods are built for general consumers not as concerned by security and is therefore less inherently secure than a BlackBerry device designed for enterprise users.
“The degree to which IT managers can control security onmobile devices is highly dependent upon the vendor that they select,” DeBeasi says. “You should try to get mobile devices that have the best possible control and security on them and then use those mechanisms and it will go a long way to locking down those mobile devices.”
2. Turn On Encryption
Once you choose devices with stronger security controls, use those controls! DeBeasi says that many organizations do not enforce or even set policies mandating the use of device encryption on mobile devices.
“Many people don't go through the bother of doing the encryption. You always want to be careful and you always want to have a level of paranoia about what happens to your sensitive information,” he says. “ Mainstream enterprises need to lock it down and take it seriously like they do with a laptop and be really consistent with their policies and enforce them.”
3. Require Authentication
A survey released by Credent Technologies in September 2008 found that in just a six month period more than 31,000 New Yorkers left behind mobile devices in a taxicab. The fact of the matter is that these devices are just too easy to lose to go without proper authentication. And yet, most enterprise users don’t use the password function on their devices.
“So imagine, you lose your phone in a cab and the next passenger gets in opens it up and then they immediate access to your device because you didn't put any authentication in there,” DeBeasi says.
He says that it is critical that users be required to turn on device authentication so that lost devices can not be easily accessed by any person that finds or steals a device.
2. Turn On Encryption
Once you choose devices with stronger security controls, use those controls! DeBeasi says that many organizations do not enforce or even set policies mandating the use of device encryption on mobile devices.
“Many people don't go through the bother of doing the encryption. You always want to be careful and you always want to have a level of paranoia about what happens to your sensitive information,” he says. “ Mainstream enterprises need to lock it down and take it seriously like they do with a laptop and be really consistent with their policies and enforce them.”
3. Require Authentication
A survey released by Credent Technologies in September 2008 found that in just a six month period more than 31,000 New Yorkers left behind mobile devices in a taxicab. The fact of the matter is that these devices are just too easy to lose to go without proper authentication. And yet, most enterprise users don’t use the password function on their devices.
“So imagine, you lose your phone in a cab and the next passenger gets in opens it up and then they immediate access to your device because you didn't put any authentication in there,” DeBeasi says.
He says that it is critical that users be required to turn on device authentication so that lost devices can not be easily accessed by any person that finds or steals a device.
4. Utilize Remote Wipe Capabilities
Give IT staff the ability to remotely access and disable devices in the event of loss or theft. This could be very handy in a situation where, say, an executive loses his or her device at a conference—along with yearly sales projections and strategies stored within, DeBeasi says. With the remote capability all it would take is a quick call to IT and they’ll take care of it.
5. Set Up a Lost Phone Hotline
It is not good enough simply to have remote wipe capabilities. Organizations also need to have a procedure set for users who have lost their devices. Make it easy for them to call IT to alert staff that a device has been lost by setting up a direct line and publicize the procedure for IT notification in such an event.
“If you're concerned about losing data, make sure your users have a contact point where they can get a hold of you so you can initiate that process to wipe them over the network and make sure that data isn't lost,” Cross says. “They’ll have an incentive to get a hold of you if they want another phone, but it’s useful if they know who to call and that you can immediately start that process.5. Set Up a Lost Phone Hotline
It is not good enough simply to have remote wipe capabilities. Organizations also need to have a procedure set for users who have lost their devices. Make it easy for them to call IT to alert staff that a device has been lost by setting up a direct line and publicize the procedure for IT notification in such an event.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.