Sunday, September 27, 2009
Updates & The Hudson River Sea Glass Company
We have started the Hudson River Seaglass Company, and have just completed the first several pieces of jewelry this morning. They will be up for sale on C Market's Bidding for Good in the next couple of weeks, with the proceeds being donated to Global Action for Children (http://www.globalactionforchildren.org/).
Saturday, September 5, 2009
Sea Glass Adventures
From what I have found so far, some of it is REALLY old! I have found some black glass that is old bottles from over a hundred years ago, and the etched top of a black perfume bottle or something like that. Here are the pictures of them.
I think I might try to sell some of these on Ebay, although if I had time it would be fun to try and make some jewelry from them.
Thursday, July 2, 2009
Two Interviews!
We will be driving up early next week, so we will be in packing mode all weekend, wish us luck!
Thursday, June 25, 2009
Our New Paulus Hook Brownstone!
Sunday, June 21, 2009
We found an apartment in Paulus Hook
Sunday, June 14, 2009
Our year in Tampa is almost over...
We are apartment hunting in Hoboken
It's safe, clean and close to the PATH train and Seton Hall. Jeff has applied for a job as a compliance officer and I have applied for several jobs as well.
Follow us on Twitter! http://twitter.com/flysurfdivefun
We will still be working at our current job as well (remotely), doing some consulting work and writing a book on Contracts and the Law. We begin Accounting classes Aug 31 and the first job fair is in September. We are hoping that we will be interviewed and get an internship or job from this first job fair.
Tuesday, May 26, 2009
What does the new HITECH Act entail?
The first major change that affects the business associate is found in section 13401(a). This section stipulates that 45 C.F.R. Part 164 Subpart C (the Security Rule) will “apply to the business associate of a covered entity in the same manner such sections apply to the covered entity.” In other words, the business associate must now abide by the Security Rule and safeguard all electronic protected health information (ePHI). Before HITECH came into existence, the business associate only needed to provide the safeguards that were agreed to in the business associate agreement with the covered entity. However, after the passage of HITECH, business associates will now have to implement administrative safeguards, physical safeguards and technical safeguards, and create formal policies and procedures, in order to satisfy the HITECH Act and the Security Rule. The business associate will not be alone in this endeavor; the Secretary of Health and Human Services will annually issue guidance on the most appropriate and effective technical safeguards for use in complying with section 13401.
Failure to follow section 13401(a) can result in serious consequences for the expert. Prior to HITECH, the business associate did not face any criminal or civil penalties resulting from its negligent or intentional actions in handling protected health information. At most, the business associate's punishment would have been a canceled contract with the covered entity; all of the legal punishment fell squarely on the shoulders of the covered entity. HITECH changes everything.
According to section 13401(b), any business associate that violates the security requirements found in subsection (a) can face civil as well as criminal penalties. The penalties for 13401(a) violations can be found in sections 1176 and 1177 of the Social Security Act, and these penalties can be severe. For instance, any person who knowingly discloses individually identifiable health information to another person with the intent to sell or transfer such information faces $250,000 in fines and 10 years of imprisonment. Additionally, failing to use reasonable care in securing protected health information can bring about fines of up to $25,000. HITECH has completely changed the liability landscape for all business associates.
The last major change found in the HITECH Act is section 13402: Notification in Case of a Breach. This section of HITECH drastically alters the privacy rule of HIPAA, which in its current form does not require the covered entity or business associate to provide any breach notification to individuals.
According to 13402(a):
a covered entity that accesses, maintains, retains, modifies, stores, destroys, or otherwise holds, uses, or discloses unsecured protected health information shall, in case of a breach of such information that is discovered by the covered entity, notify each individual whose unsecured protected health information has been, or is reasonably believed by the covered entity to have been, accessed, acquired, or disclosed as a result of the breach.
Additionally, section 13402(b) states:
A business associate of a covered entity that accesses, maintains, retains, modifies, records, stores, destroys, or otherwise holds, uses, or discloses unsecured PHI of a covered entity shall notify the covered entity in the event of a breach in the security of such information (§13402(b)). The notice must include, among other things, “the identification of each individual whose unsecured protected health information” was breached.
The important concept to remember from both 13402(a) and (b) is that a notification is only required for a breach of unsecured protected health information. Section 13402(h)(1)(B) of the HITECH Act provides a definition of what unsecured means:
Protected health information that is not secured by a technology standard that renders protected health information unusable, unreadable, or indecipherable to unauthorized individuals and is developed or endorsed by a standards developing organization that is accredited by the American National Standards Institute (ANSI).
Based on the above definition of unsecured, if a business associate were to use an ANSI-approved encryption standard for its protected health information and a breach occurred, that business associate would not need to provide a notification, because the information would be unreadable or indecipherable to the unauthorized individual. Only unsecured information warrants a breach notification.
When a breach of unsecured protected health information occurs and is discovered, or reasonably should have been known, business associates and covered entities must send out their notifications without unreasonable delay and within 60 days of the date of discovery, as stated in 13402(d)(1). Lastly, 13402(d)(2) places the burden of proof on the business associate and the covered entity to demonstrate that all required notifications were sent within a reasonable amount of time.
Once a breach is discovered, section 13402(e) defines the methods of notice that a covered entity or business associate must use when notifying an individual. For example, 13402(e)(1)(A) provides that notification by first-class mail to the individual, or to their next of kin, at the last known address is permissible, or, if selected by the individual, notification to their e-mail address. Additionally, section 13402(e)(1)(B) provides that if there is insufficient information to contact an individual either by first-class mail or by e-mail, a conspicuous posting on the home page of the covered entity's web site, for a length of time determined by the Secretary of HHS, or a notice in major print or broadcast media in the individual's local area, will suffice. If these forms of notification are used, a toll-free phone number must be included in the notification directing the individual where to call for more information. Lastly, if the covered entity determines that imminent misuse of unsecured protected health information is about to take place, section 13402(e)(1)(C) allows the individual to be contacted by telephone or another appropriate method.
Section 13402(e)(1) applies to the notification of individuals. However, if the unsecured protected health information of 500 or more residents of the same state or jurisdiction is breached, section 13402(e)(2) applies. This section stipulates that if such a breach occurs, prominent media outlets in that state or jurisdiction must be notified. Also, 13402(e)(3) requires immediate notification of the Secretary of HHS if the breach involves 500 or more individuals.
Every notification a business associate or covered entity provides to an individual or a media outlet must include certain information, as set out in section 13402(f). This section requires that every notification include a brief description of the breach, the dates of the breach and of its discovery, a description of the unsecured ePHI involved, the steps the individual should take to protect themselves, the steps the covered entity is taking to mitigate losses and prevent further breaches, and contact information for individuals to ask questions or learn more.
Every expert that can be classified as a business associate to a covered entity and handles electronic protected health information must have an understanding of the new HITECH Act. Doing so will not only allow you to properly safeguard the ePHI but will also reduce your chance of having the new penalties imposed on you.
Jeffrey Straka, J.D. and Amanda Moore Straka, J.D., are the authors of numerous articles related to the legal implications of HIPAA, the HITECH Act and Information Security. They each graduated from the Charleston School of Law in 2008 and are both pursuing master's degrees in Accounting from Seton Hall. They are currently compliance analysts at a corporation in Tampa, FL.
Thursday, May 14, 2009
The Achilles Heel of the Financial Giants
The majority of wireless access points located in seven metropolitan financial centers have easy-to-break or nonexistent security, according to a survey conducted by security firm AirTight Networks and published on Wednesday.
The survey, which summarized more than 30 scans in six U.S. cities and London, found that 57 percent of the access points had no security or used Wired Equivalent Privacy (WEP), an older and easy-to-hack form of encryption. Almost 40 percent of the insecure wireless networks used enterprise-grade hardware from major vendors, suggesting that they were deployed by companies, not consumers, said Mike Baglietto, director of product marketing for AirTight Networks.
"We thought wireless was mature enough that people should understand the security issues," Baglietto said. "But we saw a lot of open access points, a lot of identities being leaked, and a lot of insecure installations."
Sunday, March 8, 2009
Wireless Security Settings
Wednesday, March 4, 2009
Viking's Vault and NAACP request meeting with Florida Governor Charlie Crist
Monday, March 2, 2009
Don't Leave the Windows Open!
In today's world, many people overestimate how secure their computers are. Would you go on vacation and leave your windows open? Of course not! Why lock the doors if you are just going to leave the windows open? This obvious but important concept also applies to the use of programs called peer-to-peer (P2P) networks.
If you or your kids have an iPod, they probably want all the newest and hottest songs, right? Many kids go for the sites that are free and easy to use. These "peer-to-peer" (P2P) networks, such as Limewire, Junglemonkey, MyNapster, BearShare or WinMX, essentially open up your computer to talk directly to other computers, rather than through a web site. Users can "share" music, video, images and other types of files easily and at no cost. Unfortunately, other users of these programs can also gain access to any other type of file on your hard drive. That means password files, private documents, bank records: anything on your hard drive is fair game. Once these types of programs are installed, you are no longer in control of the privacy of your computer.
Many of these applications also install spyware automatically as part of their own installation. Spyware can do anything from causing pop-up banners to appear, to tracking your internet surfing habits, to transmitting your personal information to a third party.
Recently, blueprints for Marine One, President Obama's new aircraft, were found on a computer in Iran. These incredibly sensitive and private documents were exposed to the public (and ultimately to a country unfriendly to the US) through the use of a peer-to-peer sharing network. A private hard drive was exposed to file sharing, a user decided to look at the other files on that hard drive, and somehow those files ended up in the hands of another country.
For our friends and family, if you suspect that your computer has been infected by spyware or you would like to make sure that your hard drive has not been compromised by viruses, trojan horses, or other dangerous programs, contact Jeff or me. We can try to run a system check and clean out any offending programs that you may or may not know about.
Here is the link to the report about the stolen blueprints of Marine One, found in an Iranian computer published on Feb. 29, 2009.
http://www.wpxi.com/news/18818589/detail.html
Tuesday, February 17, 2009
Winter Quarter at DePaul University
Talulah (photo below), Hamish (photo above)
Sunday, February 15, 2009
Frontiers of Law in China
Thursday, February 12, 2009
Information Security and the Expert Witness
For an expert witness or consultant, the consequences may involve liability, being fired by the attorney, and/or destroying your good business name. In order to prevent these consequences, you should safeguard any information protected by the attorney-client privilege or the work product doctrine. Expert witnesses or consultants who analyze medical records must also be careful to adhere to any pertinent Health Insurance Portability and Accountability Act (HIPAA) regulations.
A more in-depth article on the responsibilities of a consultant with regard to information security will be posted in the next week.
We will be lecturing on Information Security, HIPAA and other related topics at a private conference in San Francisco, CA on March 13-16.
Wednesday, February 11, 2009
We are Published
US edition: http://www.xprolegal.com/newsletters/jan09/index.php
UK edition: http://www.xproexperts.co.uk/newsletters/jan09/index.php
The Legal Medical Journal is publishing our article later this month, and our UK blog for them will be starting up in May.
Tuesday, February 10, 2009
Back from London
We were also able to see a public demonstration while we were there. Protestors against the war in Gaza were marching and chanting about the attacks on Gaza by Israel.
The police had about fifty police cars surrounding Trafalgar Square. Other police were hidden on side streets in vans, wearing full riot gear. Eventually the police blocked the demonstrators from marching several times, and then the demonstrators got angry. They began to march to the Israeli embassy in an attempt to overthrow it, and the riot police came out to stop them.