Welcome to the Nexus of Ethics, Psychology, Morality, Philosophy and Health Care


Thursday, October 31, 2013

Report: NSA collecting millions of contact lists

Phys.org
Originally published October 15, 2013

The National Security Agency has been sifting through millions of contact lists from personal email and instant messaging accounts around the world—including those of Americans—in its effort to find possible links to terrorism or other criminal activity, according to a published report.

The Washington Post reported late Monday that the spy agency intercepts hundreds of thousands of email address books every day from private accounts on Yahoo, Gmail, Facebook and Hotmail that move through global data links. The NSA also collects about a half million buddy lists from live chat services and email accounts.

The entire story is here.

Friday, October 19, 2012

To Encrypt Email or Not to Encrypt Email? Practical Answers to a Question That Is Surprisingly Complex

by Elizabeth H. Johnson
Poyner Spruill LLP
Originally posted on October 5, 2012


Health care providers frequently ask us whether they have to encrypt emails, particularly those sent to patients who have asked for an emailed copy of their health records. Since patients have a right to receive electronic copies of their health records, emailing them a copy when they ask for it seems like the right thing to do.

Unfortunately, the decision actually is more complicated. HIPAA requires that all electronic transmissions of protected health information (PHI) be encrypted. That means ALL of them … fax, email, web-based and otherwise. The requirement applies regardless of the identity of the recipient or patient, and the recipient cannot “undo” or waive the requirement by consenting to the receipt of unencrypted emails.

(cut)

One more time in English? Health care providers are allowed to send PHI in unencrypted emails but only after they engage in the analysis described above and document their determination. It is a violation of the HIPAA Security Rule to send unencrypted emails containing PHI without first having performed and documented that analysis. A single violation can carry a penalty as high as $50,000, a useful figure to contemplate if you think encryption is too expensive to implement. Encryption also carries the benefit of qualifying for a “safe harbor” under HIPAA’s breach notification requirements. A security incident that would otherwise require notification is not considered a breach if the PHI affected were encrypted and the encryption key has not been compromised.

The entire article is here.

Thanks to Marlene Maheu for this article via LinkedIn.

Monday, August 15, 2011

Ten Best: Preventing Privacy and Data Breaches



The antics of groups like Anonymous and LulzSec over the past few months have made data breaches seem inevitable. If information security vendors like HBGary and RSA Security aren't safe, what hope does an average SMB have? It is true that there is no silver bullet, and no impervious network security, but there are a variety of things IT admins can do to prevent network breaches and protect data and privacy better.

The Web safety and online identity protection experts at SafetyWeb.com and myID.com helped put together a list of ten different data and privacy breach scenarios, along with suggestions and best practices to avoid them.

1. Data Breach Resulting From Poor Networking Choices. Names like Cisco and Sun are synonymous with enterprise-level networking technologies used in large IT departments around the world. Small or medium businesses, however, generally lack the budget necessary for equipment like that. If an SMB has a network infrastructure at all, it may be built around networking hardware designed for consumer use. Some may forgo the use of routers altogether, plugging directly into the Internet. Business owners can improve network security and block most threats by using a quality router, like a Netgear or Buffalo brand router, and making sure to change the router password from the default.

2. Data Breach Resulting From Improper Shredding Practices. Dumpster diving identity thieves target businesses that throw out paperwork without shredding it. Most home shredders will suffice for small businesses in a pinch, but a commercial shredder is a wise investment if private information is printed and shredded daily. Make sure that documents with sensitive information or personally identifiable data are thoroughly shredded before disposal.

3. Tax Records Theft Around Tax Time. On a similar note, businesses need to pay extra attention to incoming and outgoing information related to taxes. Businesses must ensure that tax returns are dropped off at the post office and refunds are collected promptly from the mailbox. Identity thieves often steal tax returns from an outbox or mailbox.

4. Identity Theft Resulting From Public Databases. Individuals, especially business owners, often publish lots of information about themselves in public databases. It is a sort of catch-22 because a small business owner wants to maximize exposure while still protecting individual privacy. Businesses are registered with the county clerk, telephone numbers are in the phone book, and many individuals have Facebook profiles with their address and date of birth. Many identity thieves can use publicly searchable information to construct a complete identity. SMBs need to think carefully about how and where to gain exposure for the business, and consider the consequences of sharing sensitive information publicly.

5. Identity Theft Resulting from Using a Personal Name Instead of Filing a DBA. Along those same lines, sole proprietors that do not take the time to file a Doing Business As application are at a far higher risk of identity theft due to their personal name, rather than their business names, being published publicly.

The rest of the story is here.

Sunday, July 17, 2011

Practical Tips: Emailing Patients

Practical Tips for Psychologists When Using Electronic Media to Supplement Face to Face Therapy with Patients

Rachael L. Baturin, MPH, JD
Professional Affairs Associate


As electronic media is becoming more prevalent among patients, psychologists are starting to incorporate it more and more in their practices. Some psychologists use email and texting as a way to communicate with their patients between face-to-face therapy sessions. As such, psychologists should set up a policy on how they are going to use these means to communicate with their patients and psychologists should communicate this policy to their patients. Here are some practical tips that psychologists should consider when adopting a policy on the use of electronic media with patients:

1. Psychologists should clarify to patients what, if any, kinds of emails they will accept. Generally, emails should be professional in nature and should not get personal. If emails are becoming too lengthy or prolonged, you should notify patients to come in or call to discuss the issue.

2. Emails should not be used in emergencies. Patients should be advised to contact psychologists by phone if an emergency arises.

3. Psychologists should advise their patients on headings that they will use in the subject line of the email (e.g., billing question, appointment).

4. Psychologists should establish a turnaround time for their response to patients’ emails.

5. Psychologists should inform their patients about privacy issues. Patients should know who besides the psychologist processes emails during normal business hours, during vacations and when the psychologist is out sick.

6. Psychologists should maintain a copy of all messages sent to/from their patients in their records.

7. Psychologists should include a standard block of text at the end of the email message to patients containing the psychologist’s full name, contact information and reminders about security and the importance of alternative forms of communication for emergencies.

8. Psychologists should remember that email has inherent limitations in that the lack of non-verbal cues (facial expression, voice tone) may cause the intent of the communication to fail. For example, an attempt at humor may come off as being sarcastic even though it was not meant to be.