Posted by: psilva | February 5, 2009

Regulation Roundup


Most of my recent rants have been about the need to encrypt sensitive data, even on private networks, especially now that breaches are hitting the news regularly.  In 2008, regulatory compliance was a hot topic, and PCI, HIPAA, GLBA, SOX and others received plenty of coverage throughout the year.  While some companies are still struggling to meet the ‘08 deadlines, ‘09 has a few of its own.  The following are just a few of the 2009 compliance deadlines that might affect your business.

New e-prescribing regulations take hold April 1, 2009: Under the new regulations, any physician who electronically prescribes drugs covered under a Part D plan must comply with the new CMS standards for communicating information between providers and Part D plan sponsors.  The goal is universal e-prescribing under Medicare by 2011.  This does not mean that every prescription now has to be sent electronically, only that doctors who already use an electronic system for Medicare/Medicaid scripts must follow these rules.  The security challenges here cover the whole range: data in transit, doctors prescribing from mobile devices, storage, and the potential for massive breaches of very sensitive information.

FTC extends ID-theft compliance deadline to May 1, 2009: This is the ‘Red Flags’ rule.  Initially slated for a November 1, 2008 deadline, Red Flags requires any entity (including health care providers) that maintains ‘accounts’ or is a ‘creditor’ to implement anti-identity-theft measures.  It is meant to protect consumers from fraud committed using another person’s identity without their knowledge.  Written procedures that identify suspicious activity (the red flags), mitigate the damage if there is a breach, and train staff are all part of the regulation.  HIPAA compliance alone does not make a health care facility compliant with Red Flags.

PCI PoS/PED deadline July 1, 2010:  PCI is extending its DSS guidelines to cover unattended point-of-sale PIN entry devices: ‘pay for your parking’ machines, event ticket kiosks, vending machines, and any other terminal where a PIN might be entered.  First, by July 1, 2009, Triple-DES (TDES) is mandated for all debit transaction processing.  A year later, all fuel pumps (and similar terminals) will need an encrypting PIN entry pad: the PIN must be encrypted inside the pad itself and processed under TDES.
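To make the TDES PIN requirement concrete, here is an added example (mine, not from the original post or from PCI) of what an encrypting PIN pad actually does with a PIN before it leaves the device: it packs the PIN into an ISO 9564-1 Format 0 PIN block (PIN field XORed with the rightmost 12 PAN digits, so the same PIN never produces the same block across cards), encrypts that single 8-byte block under a double- or triple-length TDES key, and refuses single-length DES keys outright. The host side reverses the process and rejects anything that does not decode to a well-formed block, which is what you see when the wrong key is used. The PIN, PAN and keys are constructed sample values; a real PED does this inside tamper-responsive hardware with keys that never leave the pad, which this example does not model.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// panField returns the 8-byte ISO 9564-1 Format 0 PAN field: four zero
// nibbles followed by the 12 rightmost PAN digits excluding the check digit.
func panField(pan string) ([]byte, error) {
	if len(pan) < 13 || strings.Trim(pan, "0123456789") != "" {
		return nil, errors.New("pan must be at least 13 decimal digits")
	}
	return hex.DecodeString("0000" + pan[len(pan)-13:len(pan)-1])
}

// Format0PINBlock builds a clear ISO 9564-1 Format 0 PIN block: the PIN field
// (control nibble 0, PIN length, PIN digits, 0xF fill) XORed with the PAN field.
func Format0PINBlock(pin, pan string) ([8]byte, error) {
	var block [8]byte
	if len(pin) < 4 || len(pin) > 12 || strings.Trim(pin, "0123456789") != "" {
		return block, errors.New("pin must be 4 to 12 decimal digits")
	}
	pf, err := panField(pan)
	if err != nil {
		return block, err
	}
	field := fmt.Sprintf("0%X%s", len(pin), pin)
	field += strings.Repeat("F", 16-len(field))
	pinBytes, _ := hex.DecodeString(field)
	for i := range block {
		block[i] = pinBytes[i] ^ pf[i]
	}
	return block, nil
}

// RecoverPIN undoes Format0PINBlock given the PAN and rejects anything that is
// not a well-formed Format 0 block (e.g. the result of decrypting with a wrong key).
func RecoverPIN(block [8]byte, pan string) (string, error) {
	pf, err := panField(pan)
	if err != nil {
		return "", err
	}
	var pinBytes [8]byte
	for i := range block {
		pinBytes[i] = block[i] ^ pf[i]
	}
	h := strings.ToUpper(hex.EncodeToString(pinBytes[:]))
	n64, perr := strconv.ParseInt(h[1:2], 16, 0)
	n := int(n64)
	if h[0] != '0' || perr != nil || n < 4 || n > 12 {
		return "", errors.New("not a Format 0 PIN block")
	}
	pin, fill := h[2:2+n], h[2+n:]
	if strings.Trim(pin, "0123456789") != "" || fill != strings.Repeat("F", len(fill)) {
		return "", errors.New("not a Format 0 PIN block")
	}
	return pin, nil
}

// newTDES accepts a double-length (16-byte, K1|K2) or triple-length (24-byte)
// TDES key and refuses single-length DES. Go's crypto/des wants 24 bytes, so a
// double-length key is expanded to K1|K2|K1.
func newTDES(key []byte) (cipher.Block, error) {
	switch len(key) {
	case 16:
		key = append(append([]byte{}, key...), key[:8]...)
	case 24:
	default:
		return nil, errors.New("TDES needs a 16- or 24-byte key; single-length DES is not acceptable")
	}
	return des.NewTripleDESCipher(key)
}

// EncryptPINBlock encrypts one PIN block under TDES. A PIN block is exactly one
// cipher block, so this is a single-block operation with no mode or IV.
func EncryptPINBlock(key []byte, block [8]byte) (out [8]byte, err error) {
	c, err := newTDES(key)
	if err == nil {
		c.Encrypt(out[:], block[:])
	}
	return out, err
}

// DecryptPINBlock is the host-side inverse of EncryptPINBlock.
func DecryptPINBlock(key []byte, enc [8]byte) (out [8]byte, err error) {
	c, err := newTDES(key)
	if err == nil {
		c.Decrypt(out[:], enc[:])
	}
	return out, err
}

func main() {
	// Constructed sample values for the demonstration, not real card data or keys.
	pin, pan := "1234", "4111111111111111"
	key := []byte("0123456789ABCDEF")      // constructed double-length TDES key
	wrongKey := []byte("FEDCBA9876543210") // a different constructed key

	block, _ := Format0PINBlock(pin, pan)
	enc, _ := EncryptPINBlock(key, block)
	fmt.Printf("clear block: %X\nencrypted:   %X\n", block, enc)

	dec, _ := DecryptPINBlock(key, enc)
	fmt.Println(RecoverPIN(dec, pan)) // right key: PIN comes back
	bad, _ := DecryptPINBlock(wrongKey, enc)
	fmt.Println(RecoverPIN(bad, pan)) // wrong key: rejected as malformed
	_, err := EncryptPINBlock(key[:8], block)
	fmt.Println("single DES:", err)
}
```

The control nibble, length nibble and 0xF fill are what let the host detect a bad key or a corrupted block; the XOR with the PAN is what stops an observer from matching two cardholders who chose the same PIN by comparing their encrypted blocks.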

Each of these will require infrastructure security, identity and access management, encryption, acceleration, availability, storage, and a host of other technologies.  You don’t have to look far for a solution, though: F5 can help you meet this latest round of compliance deadlines.

ps

Responses

  1. I just stopped by your blog and thought I would say hello. I like your site design. Looking forward to reading more down the road.
