Identity Theft Red Flags Rule
Implements sections of the Fair and Accurate Credit Transactions Act of 2003 (FACT Act)
Applies to financial institutions and creditors that hold any consumer account
Applies if a healthcare provider:
–Permits payment of services to be deferred
–Allows payment in multiple installments
Must comply by May 1, 2009

Things to Consider
Types of patient billing accounts
Methods used to allow installment payments (may be considered covered accounts)
How a covered account is accessed
–Example: Web portal for patient bill paying
Previous incidents of identity theft
Privacy safeguards and security controls currently in place to protect an individual's identity and personal information (i.e. HIPAA)

PCI Security Standards Council, LLC
Responsible for the security standards
Formed in September 2006 by the five major credit card companies:
–Visa International
–MasterCard Worldwide
–American Express
–Discover Financial Services
–JCB (Europe)
www.pcisecuritystandards.org

Conducting a PCI Self-Assessment
Determine the volume of transactions
Inventory where credit card transactions occur
Conduct a self-assessment
Remediate identified issues
Create a Credit Card Handling policy
Create, deliver, and document user training on Credit Card Handling

Governance, Risk, and Compliance (GRC)
JCAHO, Red Flags Rule, SOX, FISMA, PCI DSS, HIPAA, ARRA = Governance framework for an information security program for __ consistency in satisfying multiple regulations and requirements

Tom Walsh, CISSP firstname.lastname@example.org 913-696-1573

Good News!
Because of the current global economic crisis, hackers, creators of malicious code, spammers, and disgruntled former employees have all pledged to be compassionate to businesses and individuals by cutting back on their harmful and disruptive activities by at least 30%.

More Good News!
Additionally, Congress has urged all American employees who still have a job to temporarily suspend any of their unauthorized activities that could disrupt or significantly impact businesses until after the current economic crisis has passed.

Even More Good News!
It was announced yesterday that the United Nations overwhelmingly passed a measure, which can only be described as an extraordinary act of reconciliation, that with Barack Obama now president of the United States, all nations vow to no longer harbor any hostilities toward the United States government and its people.

Sad Reality
While everything else in our economy is declining, threats to information security are on the rise
Desperate times result in desperate measures
–People are willing to do whatever it takes to ensure their own personal wellbeing
–Employees on the verge of being laid off or former employees who recently lost their jobs represent a significant threat to security