Professional IT Support and Consulting Since 2000.

Microsoft Certified Database Administrator CCNA Cisco Certified
Microsoft Certified System Engineer
Cisco Systems Partner Premier Certified
Microsoft Certified Technology Specialist
ZIX Corp Certified Partner
compTIA Certified
Microsoft Small Business Specialist
Fortinet Certified

Don’t help fund your state or federal regulatory “economic stimulus” package

Published by Dave Murray on .Filed under Email Security,IT Support,Network Security

Over the last couple of years there has been an increasing trend towards enforcement of regulatory requirements. Initially the questions about privacy regulations were not about the regulations themselves, it was about enforcement. The when, who, and how these regulations would be enforced. Our questions are being answered as FINRA (Financial Industry Regulatory Authority) become more active and State Attorney Generals immediately start enforcing the Health Information Technology for Economic and Clinical Health (“HITECH”) Act to enforce provisions of the Health Insurance Portability and Accountability Act (“HIPAA”). Unfortunately we are seeing that these regulations are gaining “teeth” as state and federal agencies see these regulations as their own personal economic stimulus.

On April 12, 2010 FINRA announced that it had fined D.A. Davidson & Co. $375,000 for failing to protect its customers’ confidential information. This was because they found that D.A. Davidson did not employ adequate safeguards to protect the security and confidentiality of customer records and information stored in a database housed on a computer Web server. D.A. Davidson became aware of the security breach when one of the persons responsible for the intrusion attempted to blackmail D.A. Davidson via email on January 16, 2008. When they became aware of the breach the firm quickly took all of the appropriate steps. They very quickly notified law enforcement and provided affected individuals with two years of credit monitoring. D.A. Davidson also immediately took proactive steps to close their security breach. In spite of these steps the damage had already occurred and the firm was forced to consent to the entry of FINRA’s findings.

Using a legal authority granted to state attorneys general under the HITECH Act Attorney Generals are beginning to actively enforce HITECH. An example of this trend is Connecticut Attorney General Richard Blumenthal who is already in the process of investigating his second case involving HIPAA violations this year. This is immediately after he filed the first HITECH case earlier this year!

Jeff Drummond, health law partner in the Dallas office of Jackson Walker LLP, says the power granted to state AGs to pursue lawsuits is a major change for HIPAA enforcement. “Combined with the ability of individuals to get a ‘piece of the pie’ when penalties are handed out, this will be the biggest game-changer in HITECH,” says Drummond.

This aspect of “sharing the spoils” built into the economic stimulus in 2009 is very disturbing in light of recent state and federal budgetary shortfalls. It is important that we all ensure compliance so that we don’t help our regulators enact their own stimulus package. Check this page if you have any questions about how Convergence can assist you on your compliance needs.