January 2002 News Archives:
January 31, 2002
Qwest Calls Off Plan to Share Info
Qwest Communications has
withdrawn plans to share customer information among its divisions
after receiving some complaints. Chairman and CEO Joseph P. Nacchio
said Monday that the Denver-based company will wait until the Federal
Communications Commission issues new rules on customer records later
this year before developing another plan. "When many of our
customers tell us that they're concerned or don't understand what
we're doing, it's time to stop the process and make a change,"
Nacchio said.
Qwest included notices in December bills telling customers they
had 30 days to contact the company if they wanted to keep their
information private. The move angered and confused many because
it was not clear whether Qwest would sell the information to outside
companies. Qwest sent out another flier last week to explain that
it was planning to share information only with divisions such as
Qwest Wireless or Qwest Dex. Customers trying to opt out of the
information sharing program also were frustrated because they were
unable to get through to the overloaded toll-free telephone number
set up to handle privacy requests. Less than 4 percent of customers
had opted out of the program by Monday.
Read more.
Three Minnesota Democrats, however, say promises from Qwest to
hold off on sharing customer information don't go far enough to
protect privacy in the long run. One of the three, Senator Paul
Wellstone, (D-MN), two weeks ago wrote to FCC Commissioner Michael
Powell, asking him to demand that companies get permission from
consumers before sharing their records. Qwest serves 14 states,
including Minnesota.
Read more.
January 31, 2002
US Plans Detailed Air Traveler Database & ID Card
Both the
Washington Times and the Washington Post report the US Department
of Transportation task force is taking first steps toward "trusted-traveler"
cards for airline passengers. The electronic card would have an
encoded biometric description of the owner to ensure that the person
using it is the same person identified on the card. The trusted-traveler
card is part of the Aviation and Transportation Security Act signed
by President Bush Nov. 19 that authorized the Transportation Security
Administration to "establish requirements to implement trusted
passenger programs and use available technologies to expedite the
security screening of passengers."
Additionally, FAA and technology companies will soon begin testing
a vast air security screening system designed to instantly pull
together every passenger's travel history and living arrangements,
plus a wealth of other personal and demographic information.
The government's plan is to establish a computer network linking
every reservation system in the United States to private and government
databases. The network would use data-mining and predictive software
to profile passenger activity and intuit obscure clues about potential
threats, even before the scheduled day of flight.
Civil liberties activists said they fear the beginnings of a surveillance
infrastructure that will erode existing privacy protections.
Full Story on the ID card from the Washington Times.
Full Story on the database from the Washington Post.
January 31, 2002
New White Paper Explains How Smart Cards Can Improve Security and Protect Personal Privacy
The Smart Card Alliance, a non-profit
association working to accelerate the widespread adoption of multiple
applications for smart card technology, recently released a white
paper entitled, "Secure Personal Identification Systems: Policy,
Process and Technology Choices for a Privacy-Sensitive Solution."
Smart cards are plastic cards with computer chips embedded in them.
These chips can store information (memory cards) or store and process
information (microprocessor cards). The new Alliance paper describes
key policy, process and technology considerations for a secure personal
ID system and speaks directly to a key concern - protection of individual
privacy rights.
Read the white paper (PDF).
Read more about smart cards.
January 24, 2002
HHS Revises Consent Section of Privacy Guidance, NPRM Expected Soon
On January 14th, HHS revised its July 6, 2001 "Consent"
guidance to remove one Q&A in response to public concerns about
certain examples used in the answer. The examples of "coordination
of benefits" and "secondary payer situations" regarding
services to an individual implied that an authorization would be
required for uses and disclosures by providers in these situations
when the consent of that individual would be sufficient.
HHS is also getting ready to issue an NPRM on privacy, according
to both an HHS official and Tom Gilligan, Executive Director of
the Association For Electronic Health Care Transactions (AFEHCT).
The Privacy NPRM is expected by mid- to late February, with a 30-day
comment period. This will be the first update of privacy regulations
as provided for in the original HIPAA statute. "The proposed
rule will answer a lot of questions," said Kelly Heilman, privacy
program and policy specialist for HHS's Office of Civil Rights (OCR),
the office charged with enforcing the privacy rule. "We are
looking to publish an enforcement rule to provide more details."
Read the Privacy Guidance.
January 24, 2002
Hospitals Ask HHS to Publish Other HIPAA Rules
The nation's hospitals are implementing the final transactions and code sets
rule authorized under HIPAA, yet won't fully realize the benefits
of standard transactions unless federal officials publish additional
rules, according to the American Hospital Association. Health Data
Management reports the Chicago-based organization on Jan. 16 sent
a letter to HHS Secretary Tommy Thompson asking for quick publication
of the proposed rules for standard claims attachments and health
plan identifiers.
Full Story.
Read AHA's letter to Sec. Thompson.
January 24, 2002
Eli Lilly Settles E-Mail Privacy Breach
Health Data Management
reports drug giant Eli Lilly & Co. has escaped a fine in a proposed
settlement with the Federal Trade Commission for unauthorized disclosure
of sensitive consumer information. The Indianapolis-based company
sells the anti-depressant medication Prozac, and the Web site www.prozac.com
offered an e-mail service, called Medi-messenger, to remind subscribers
to take or refill their medication. On June 27, 2001, Lilly sent
an e-mail to the subscribers announcing termination of the Medi-messenger
service. Because of a programming error, the To: line
of the e-mail contained the individual e-mail addresses of all 669
subscribers.
Full Story.
January 17, 2002
NIST Releases New Guides on Contingency Planning and Firewalls
The draft NIST Special Publication 800-34, "Contingency Planning
Guide for Information Technology Systems" is available for
public comment. The document provides instructions, recommendations,
and considerations for government IT contingency planning. The information
presented in the document addresses seven IT platform types and
defines a seven-step contingency process that an agency may apply
to develop and maintain a viable contingency planning
program for their IT systems. The seven steps are designed to be
integrated into each stage of the system development life cycle.
NIST also recently released Special Publication 800-41, "Guidelines
on Firewalls and Firewall Policy." This document contains an
overview of recent developments in firewall technology, and guidance
on configuring firewall environments. It discusses firewall access
control, active content filtering, DMZs, and co-location with VPNs,
web and email servers, and intrusion detection. It contains guidance
on developing firewall policy and recommendations for administering
firewalls. Lastly, it contains several appendices with links to
other firewall-related resources and recommendations for configuring
and operating firewalls.
View the draft Contingency Planning document.
View the Firewall Guidelines document.
January 14, 2002
CERT: Security Incidents More Than Double in 2001
The number of security incidents reported to the Computer Emergency
Response Team Coordination Center (CERT/CC) more than doubled in
2001 compared with the prior year, according to figures the group
released Friday, reports ComputerWorld. Security incidents have risen
nearly every year since CERT's founding in 1988. That trend has
accelerated sharply in the past few years, with nearly 10,000 incidents
reported for 1999, more than 21,000 in 2000 and now nearly 53,000
in 2001. Reports of security vulnerabilities in software have followed
the same trend.
Full Story.
January 14, 2002
Motor Vehicle Group Backs High-Tech Driver's Licenses
The Washington
Post reports state motor vehicle officials today plan to ask Congress
for up to $100 million to create a national identification system
that would include high-tech driver's licenses and a network of
tightly linked databases of driver information. Shortly after the
attacks, officials from the American Association of Motor Vehicle
Administrators floated the idea of adopting cards containing fingerprints,
computer chips or other unique identifiers to improve security,
saying that driver's licenses have already become the "de facto
national identification card."
January 11, 2002
VIRUS ALERT: JS.Gigger Worm Spreading
Multiple sources confirm the spread of a new Internet worm. JS.Gigger.A@mm
is a worm written in JavaScript. Like many other recent worms and
viruses, JS.Gigger uses Microsoft Outlook and mIRC to spread. The
worm arrives as an email message that has the following characteristics:
Subject: Outlook Express Update
Message: MSNSofware Co.
Attachment: Mmsn_offline.htm
It attempts to delete all files on the computer and to format
drive C if the computer is successfully restarted.
Technical information
January 10, 2002
Government Taking Steps to Encode Personal Data on Driver's Licenses
The government is taking first steps with the states to develop
driver's licenses that can electronically store information - such
as fingerprints - for the 184 million Americans who carry the cards.
Privacy experts fear the effort may lead to de facto national identification
cards that would allow authorities to track citizens electronically,
circumventing the intense debate about federal ID cards. The Transportation
Department, under instructions from Congress, is expected to develop
rules for states to encode data onto driver's licenses to prevent
criminals from using them as false identification. Under a new national
standard, a license from California could be verified and recorded
using equipment even in Texas or Florida.
Full Story.
January 8, 2002
DHHS Moves to Dismiss AAPS Suit
On August 30, 2001, the Association
of American Physicians and Surgeons ("AAPS"), Rep. Ron
Paul (R-TX), and three individual "patients" filed a civil
suit, alleging that the Privacy Rule violates the Fourth and First
Amendments. Three months later, the Department of Justice, on behalf
of DHHS, moved the Court to dismiss each of the plaintiffs' five
causes of action.
Read more, including a summary of the defendants' argument.
January 2, 2002
Qwest Plan Stirs Protest Over Privacy
Qwest Communications recently
sent its customers a pamphlet similar to those distributed last
year by financial institutions, describing the ways that Qwest will
use the customer's personal data. Other telephone carriers will
be sending out notices as well, according to the Federal Communications
Commission. But the breadth of the Qwest statement has privacy advocates
upset. It says that unless customers contact the company to prohibit
the practice, Qwest will share with its several subsidiaries such
data as telephone services used, billing information and places
called.
Full Story.