The federal Heath Information Technology Policy Committee is considering regulations governing how patient privacy should be protected as when healthcare providers share electronic health records nationally.

Healthcare providers should be "ultimately responsible for maintaining privacy and security of patient records," but may delegate some decisions to others, including IT partners such as health informaiton exchange organizations and IT vendors, according to recommendations sent to the committee, as reported by ModernHealthcare.com.

The committee also received a recommendation "that 'patient expectations' be considered when developing policies about how personal healthcare information will be used and shared so that patients will 'not be surprised to learn what happens to their data,'" ModernHealthcare.com said.

The committee received its recommendations from its privacy and security "tiger team," formed in June when Office of the National Coordinator of Health Information Technology at the U.S. Department of Health and Human Services furloughed two privacy and security working groups, in favor of one smaller, and hopefully more nimble privacy and security tiger team.

The tiger team was split on whether to adopt an opt-in or opt-out model for patients sharing records with health information exchanges. Under the opt-in model, patient information would be withheld from the exchanges unless patients gave their explicit permission. The reverse would be true under the opt-out model; the exchanges would get patient information by default, but information could be withheld if patients actively opt out, ModernHealthcare.com said.

The issue of opt-in vs. opt-out may not be settled, according to Government Health IT.

Ultimately there may not be a default policy, said Deven McGraw, tiger team chair and director of the Health Privacy Project at the Center for Democracy and Technology. Instead, the committee may consider “endorsing choice in certain circumstances as a requirement and that the choice fulfill certain elements and, from there, there just may be some judgment calls that the agency may have to make given all the rich discussion that we’ve had,” she said.

What the heck is Data Loss Prevention (DLP), and why should you care? Palisade Systems CEO Christian Renaud explains in this two-minute video.

The short version, for those of you too busy to even take 107 seconds to watch a video: Your business is entrusted with private customer information that you need to protect. This information includes Social Security numbers, credit card numbers, Personal Health Information (PHI) and personal financial information belonging to your customers. You also need to protect your company's trade secrets from getting out.

You need to protect that information. That's dictated by laws such as the Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), and privacy laws in California, Massachusetts and other states. Credit card information is protected by the Payment Card Industry Data Security Standard (PCI DSS). If that information gets out, you can be subject to fines, litigation, lost business and customer litigation.

Data loss is what happens when that information gets out. Data loss is also called data leakage. And Data Loss Prevention is ... well, I think you can take it the rest of the way on your own.

Palisade's PacketSure™ solution provides data loss prevention by sitting at the edge of your corporate network, and filtering information as it goes out onto the public Internet, watching for protected information and protecting it without disrupting your business processes. It's available as an appliance that installs in your company server room in less than an hour, or as a service from our Managed Service Provider (MSP) partners. View a video demo, or get a live demo, or get a free Secure Assessment.

Come to our free, weekly Webinar to learn how you can protect your company network against data leaks. We hold them every Thursday -- hope to see you there!

A data leak is what happens when one of your users utilizes the public Internet to send out unprotected customer Social Security numbers, credit card numbers, Patient Health Information (PHI), financial information, proprietary business knowledge, and other data that should be kept confidential. This kind of data is protected by an alphabet soup of federal and state regulations and business rules, including the Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), state privacy laws in California, Massachusetts, and elsewhere, as well as the Payment Card Industry Data Security Standard (PCI DSS). Violating these rules can damage your reputation, cost business, and result in massive fines.

Palisade Systems can help. Our PacketSure™ solution stands guard at the perimeter of the network, watching outgoing traffic for protected information. PacketSure™ alerts you when employees are trying to send protected information over the public Internet and can optionally automatically route the data through third-party encryption tools, or block the information outright. PacketSure™ works without disrupting your business processes. It comes in two ways: As a rack-mounted appliance, which installs on your premises in under 45 minutes, or as a service from our Managed Service Provider (MSP) partners.

Find out more about why Data Loss Prevention (DLP) is important, to you, and how PacketSure™ can protect you, at our free Webinar.

WHEN: Thursdays, 4 pm CDT.

To sign up and get instructions for logging in, send an e-mail to p8-webinar@palisadesystems.com.

Can't make it this week? You can catch us next week, and afterward; same time every Thursday.

Are you worried about protecting proprietary information, such as customer Social Security numbers, credit card numbers, private health information and private financial information? Join our free webinar Thursday and find out how Palisade Systems' PacketSure™ solution can help.

PacketSure™ is an easy way for small- and medium-sized enterprises to guard the perimeter of their networks, to prevent data leaks of protected information onto the public Internet. PacketSure™ is available as an easy-to-install appliance that runs in your company data center, or from Managed Service Provider (MSP) partners. Coming soon: Data Loss Prevention (DLP) as a service on the Internet.

DLP is good business. If proprietary customer information gets leaked onto the Internet, it damages your brand and drives away business. It's also the law: Companies are required to protect customer data under an alphabet soup of rules and regulations: The Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), Payment Card Industry Data Security Standard (PCI DSS), and privacy laws in California, Massachusetts, and elsewhere.

Find out more about why DLP is important, data leaks are dangerous, and how Palisade can help.

WHEN: Thursday, July 15, 4 pm CDT.

To sign up and get instructions for logging in, send an e-mail to p8-webinar@palisadesystems.com.

Can't make it this week? You can catch us next week, and afterward; we have them at the same time every Thursday.

Dark Reading looks at the record for database breaches in 2010 to date, and it's not pretty. Institutions have already been hit by six major breaches, and the second half of the year is just starting.

What's interesting to me at Palisade is that half of these breaches involve holes that our PacketSure™ technology helps protect.

One of the breaches involved unencrypted confidential data stored on a laptop. "An Arkansas soldier caused the Arkansas Army National Guard a lot of embarrassment earlier this year when he brought home an external hard drive containing a copy of the Guard's entire personnel database with the personal information of more than 32,000 current and former Guardsmen.," Dark Reading reports. PacketSure™ monitors endpoints to be sure secure data is encrypted.

Two breaches involved confidential data being sent unprotected over the Internet: "A staff doctor who set up a Web application that tapped into a University of Louisville database of dialysis patients put hundreds of patient records at risk by failing to use password protection to prevent unauthorized access to the application." Also, "a business logic flaw in a Web application that was tied to a database of individual insurance customers of health giant WellPoint allowed unauthorized users to potentially access any of 470,000 customer records. The vulnerability was discovered by a WellPoint customer who found that a simple URL manipulation could give her access to other customers' personal data."

PacketSure™ monitors Web traffic leaving your organization's network to watch for patient health data and other confidential information.

We're not going to claim that PacketSure™ is all the protection you need. (What's the old expression? No system is foolproof because fools are so ingenious.) But PacketSure™ from Palisade can be an important part of your organization's data protection regime. To find out more about why DLP is important and how Palisade Systems can help, join us for a free Webinar this afternoon and every Thursday at 3 pm CDT. Or get a live demo, or free Secure Assessment.

Find out why it's important to protect your network against leaks of confidential information, including customer credit cards numbers, Social Security numbers, private health and financial information and more. Sign up for the latest in our series of free Webinars.

We'll show you why Data Loss Protection (DLP) is important, and how PacketSure™ from Palisade Systems is a fast and easy way to help protect your network against harmful data leaks.

You're required to protect your data, under regulations including the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley, Payment Card Industry Data Security Standard (PCI DSS) rules, and state laws in California, Massachusetts and elsewhere. Find out how we can help at our free Webinar.

WHEN: Thursday, July 8, 3 pm CDT.

To sign up and get instructions for logging in, send an e-mail to p8-webinar@palisadesystems.com

Can't make it this week? Don't worry, we have them at the same time every Thursday.

This week's Supreme Court decision striking down part of the Sarbanes-Oxley Act affects only a very narrow part of the law, and leaves the larger issues of SOX regulation untouched. It won't have any affect on regulated companies.

The Wall Street Journal reports:

In terms of changing the way companies operate, "essentially this is a non-event," said Charles Elson, a director at HealthSouth Corp. and director of the John L. Weinberg Center for Corporate Governance at the University of Delaware. "You've got this oversight vehicle over the accounting profession that remains, and you've got this significant regulatory structure around the auditing process that remains.

He addd that governance experts had wondered: "Would they knock the whole thing out? And obviously they chose not to."

In a 5-4 decision, the court upheld a lawsuit by the Free Enterprise Fund against the Public Company Accounting Oversight Board, a nonprofit organization created in 2002 to oversee the firms that audit publicly traded company. Instead of ruling on the merits of Sarbanes-Oxley, "the court struck down only the part that said the Securities and Exchange Commission needs good cause to remove board members. The court said the SEC has the power to remove board members at will," according to the Washington Post.

The decison could prove significant in that it calls into question the independence of government officials in agencies including the Nuclear Regulatory Commission, the Social Security Administration, the Consumer Product Safety Commission, and the Federal Trade Commission.

But for companies regulated by SOX, it's the same old same old.

Join us Thursday for a free Webinar to find out how we can help you guard yourself against data loss, and comply with government regulations requiring you to protect customer information.

Small and medium-sized enterprises (like yours) are struggling with a tightening net ofregulations requiring protection of customer data, including Social Security numbers, credit card numbers and Private Health Information (PHI). These regulations include HIPAA, GLBA, PCI, GLBA, and state rules. Penalties for failure to comply are severe: Steep fines, lost reputation and business, and even (in rare cases) jail.

Palisade Systems can help. Our PacketSure™ technology provides Data Loss Prevention (DLP) to prevent data leaks. It stands guard on the border between your enterprise network and the public Internet, protecting confidential data in e-mail, the Web, instant messaging, file-sharing, and other network protocols.

Find out more about about DLP and PacketSure™ at the next in our series of Webinars.

WHEN: Thursday, July 1, 3 pm CDT

To sign up and get instructions for logging in, send an e-mail to p8-webinar@palisadesystems.com

More than 200,000 Anthem Blue Cross customers this week received letters informing them that their personal information might have been accessed during a security breach of the company's website.

Only customers who had pending insurance applications in the system are being contacted because information was viewed through an on-line tool that allows users to track the status of their applications.

Cathy Luckett of San Juan Capistrano was dismayed to learn that Social Security and credit card numbers were potentially viewed.

"I'm thinking this is the 21st century," said Luckett, 57, who bought an individual policy in February. "I expect this company, Anthem Blue Cross, to protect my information."

The information was briefly accessed, mainly by lawyers looking for information for a class action lawsuit against the company, an Anthem spokeswoman told the Orange County Register.

The insurer doesn't know how many records were viewed, but letters were sent to 230,000 Californians as a precautionary measure. Attackers would have been able to get the information by manipulating URLs, a security breach open for a relatively short time. A third-party vendor validated that security measures were all in place, but in fact they were not, the company said. Anthem says it closed the security hole immediately.

The newest member of the Palisade family, Geoff Wood, writes:

Please allow myself to introduce ... myself.

Apologies for the Austin Powers’ reference but there’s no better way to start this type of blog post. I’m Geoff and I’m new to the team at Palisade. It’s nice to meet you.

My role here is a little tough to describe – it’s quite literally undefined. As a startup, even one with the experience of Palisade, there are lots of things that fall into "undefined." These are the things that come up day-to-day that become distractions to those who are serving our customers directly, building the product, or even leading the entire operation.

My goal is to take care of that undefined in any way possible to make sure the staff doesn’t get distracted. So far it’s ranged from researching measures of customer satisfaction to writing contracts to helping with the Palisade blog and it’s only been a few weeks. I’m confident moving forward that it will continue to be diverse and I know that it will help further the vision of Palisade.

As far as my background, I’m heavily involved in the entrepreneurial community in Des Moines. I’m the President of VolunteerLocal, a technology startup that provides volunteer management and recruitment software to athletic competitions, civic festivals and other events across the country. I’m also the Des Moines contributor for Silicon Prairie News, an online industry publication that highlights high growth, high tech companies in the Midwest. The News actually played a big part in connecting me to Palisade, as I met our CEO, Christian Renaud, when I did a feature on this company earlier this year. I try to keep busy and diversified and I’m excited to be under way at Palisade.

I’ll appear on this blog from time-to-time and I look forward to engaging with you. If you’d like to learn more about me now feel free to visit http://www.geoffreyhwood.com.

Welcome to Palisade, Geoff! Check out his interview with Christian, which ran in two parts, in February and March:

Christian Renaud of Palisade Systems talks technology, raising capital

Christian Renaud talks about the needs of a startup community