When my daughters were little, I was thrilled to be a part of the YMCA Princess program with them. We would do Daddy-Daughter camp outs and other wholesome activities. One of my abiding memories was the joy we would find on nature walks looking for signs of spring. Even today, I enjoy seeing signs of spring popping out of the ground.

These days, data security and privacy requirements are popping up, too. The HIPAA HITECH rules that require encryption of protected health information, among other measures, require compliance as of February 17, 2010. Anyone with a Business Associate Agreement now faces a plethora of new and complex requirements to ensure that data is secure. We’ve been helping many of these folks implement measures in our economical SHAPE® protocol to lock down and secure the data on their computers and add email encryption to their systems.

The state of Massachusetts has new regulations establishing minimum standards for the safeguarding of personal information. These regulations are meant to provide security and confidentiality of customer information including guarding against unauthorized access or use of this information.

In a few months the FTC’s Red Flags Rules will also be effective. These rules also require that businesses develop plans and procedures to safeguard individually identifiable personal information.

And so it seems that every day another law or rule “pops up” to require increased safeguards for data privacy and security. Once data has been breached, the repair costs are huge. One estimate is that it costs $200 per affected person. Some may see these rules and laws as spring crabgrass, but, in my view, taking steps to prevent breaches of private information is something to herald!

SHAPE – Secure information at the tip of your finger.

I remember reading my children the Chicken Little story when they were little. I think many of us have read the story and can relate to the oft-repeated lament – “The sky is falling!” I often feel like Henny Penny, the chicken, yelling “the sky is falling” when speaking about the need for data base security. Many businesses don’t realize the threat that lax security of data poses.

A December report by the Identity Theft Resource Center identified 461 data breaches exposing 222,168,244 records. The breaches include hackers into databases, hackers into vendor databases that are accessed by a business, employee theft of data – the gamut!

What is the cost to business of lax data security? As I reported in a previous article, a study by PGP/Ponemon reported in the Insurance Journal found the following:

• Average cost for data breaches per incident are $202 per compromised record
• Lost business averages $139 per record
• Notification costs are at least $1-$2 per individual with credit monitoring adding $10 – $20 per person per year.

In at least one of the versions of the Chicken Little story, Henny Penny and her friends meet Foxy Loxy and they’re never heard from again. Frankly, I’d rather avoid that fate, especially since it’s easy enough to do!

Secure Services Corporation’s SHAPE Card™ provides the most robust front-end database security under the sky! It’s affordable and convenient to use.

Now that’s enought to keep Foxy Loxy and a whole host of government security and privacy compliance folks away from your door.

Happy Holidays!

SHAPE – Secure information at the tip of your finger.

I have a strong lock on my front door. The Art Museum locks their doors and has sophisticated security to protect the paintings and other works of art. In both cases, we are protecting our treasures and providing safety. But, the daily headlines tell us that businesses are doing an inadequate job protecting their treasure – the data and information that is the lifeblood of the firm.

What is the cost to business of lax data security? A study by PGP/Ponemon reported in the Insurance Journal found the following:

• Lost business averages $4.59 million or $139 per record – 69% of data breach costs
• Notification costs are, at a minimum $1-$2 per individual and credit monitoring, if required, costs an additional $10 – $20 per person per year
• Average costs for data breaches per incident are $202 per compromised record, totalling $6.65 million.

And, these costs are going up and more businesses are facing the possibility of being slapped with them. The federal government is implementing the Red Flags Rules which require businesses to plan and respond to data breaches, including personal information of individuals. They’ve also committed to pursuing HIPAA privacy violations as well as adding new security rules under the Hi Tech Act. Let’s not forget that as many as 44 states have their own requirements for businesses when breaches occur.

There are solutions that won’t break the bank. Business owners should investigate and consider insurance for data breaches. But, unless the business has taken steps to mitigate the likelihood of a breach, insurance might be costly or unavailable.

What’s the best solution? SSC’s  SHAPE Card. Our Secure Health And Privacy Environment (SHAPE) using our patent-pending biometric match-on-card process provides the ultimate in “front-end” security and privacy with the greatest ease of use. And, since our solutions wrap around existing systems, the cost of implementation is low. So, you might say we lock the door and keep the treasure intact, too!

SHAPE – Secure information at the tip of your finger.

With all of the talk about healthcare IT, I’ve been reminded of Clara Peller’s famous line “Where’s the beef?” As a reminder, Clara’s “little old lady” persona barking out “Where’s the beef?” went from a commercial line to an everyday expression not that many years ago.

When you look at many of the IT platforms currently being sold or installed in healthcare or any industry where sensitive and important data is used, I want to know, “Where’s the security?”

That’s not to say that security is being totally ignored. In many cases the security is strong on the back end. But, front end security is given short shrift, often just a password – not nearly enough as the almost daily headlines of security breaches proves.

When questioned about this lack, we hear that robust front end security is:

a. Not available

b. Too difficult to use

c. Too expensive

d. Not a standard practice.

Our answer: None of the above responses is acceptable!  Upfront security is the “lock and key” to data integrity and security. It’s this upfront, front end security that SSC addresses with our affordable and easy-to-implement and use, biometric identity SHAPE™ smart card.

The SHAPE Card ensures that only the people authorized to access data can do so. And, through our patent-pending application, we further refine access to data based on permissions, roles and responsibilities.

So, Clara, you made one catch-phrase famous, “Where’s the beef?” I hope I become almost as famous as you for “Where’s the Security?”

SHAPE – Secure information at the tip of your finger.

“All Roads Lead to Rome.” This phrase, likely adapted from Chaucer, reflected upon roads built during Roman times that all radiated out of Rome. It came to my mind as I thought about the needs, today, for secure and private access to information. Every conversation that we have at SSC, every article that we read, every legislative initiative dealing with sensitive data – it always comes back to the need and ability to provide secure and private access to information.

While there are many solutions being considered – and sold – that claim to be secure, they tend to fall short. In some cases,  the steps to secure the information and to provide access to it are so numerous and cumbersome that users will become very creative to circumvent them. In others, the security is “a mile wide and an inch deep” providing little more protection than the most rudimentary security tools.

We believe that the time is right for our SHAPE™ solutions. Our Secure Health And Privacy Environment (SHAPE) using our patent-pending biometric match-on-card process provides the ultimate in security and privacy with the greatest ease of use. And, since our solutions wrap around existing systems, the cost of implementation is low.

As everyone struggles with keeping data secure, ensuring privacy of health care and other sensitive data; we’ve got the answer. In the case of security and private access to data with positive authentication of identity – all roads leads to SHAPE.

SHAPE – Secure information at the tip of your finger.

I remember the days when you left your front door unlocked, even when you went on vacation! Sadly, those days are over for most of us. Once we started locking our doors, they often had flimsy locks or the doors were large panes of window glass. So, even with the door locked, someone wanting to gain access to the home didn’t have to be very determined to do so. Nowadays, many front doors are reinforced steel and locks are keyed dead bolts. And, many people have alarm systems complete with intrusion alert systems and motion detectors.

Most of us have valuables in our homes. Not the kind, necessarily, that you’d find in a museum, but they’re of value to us. So, taking greater measures to prohibit access by ne’er do wells makes sense. That being said, shouldn’t we take similar measures to protect our mission critical or highly sensitive data bases?

Think about it. Many businesses have important business data, customer lists, financial records – you name it -unlocked or scarcely protected. I’ve talked with business owners after data breaches. Many times the data was accessible to anyone at the firm, irrespective of their need to access it. And, when it was protected, often it was password protected with the “sticky note” containing the password conveniently attached to the computer screen!

And, business owners with tighter security for their data and information know that a determined hacker or thief is likely to gain access to their data.

As I spoke with business owners, I came to realize that we needed to have robust security at the front door. Our biometric match-on-card, SHAPE Card™, is that secure “key” ensuring that only authorized and authenticated users can gain access to sensitive information.

But, I also realized that once someone is “in the door” we needed to ensure  we have personal security. By that I mean that access must be controlled. A package delivery person may be allowed in the door but not upstairs, for example. Our SHAPE system provides security in that it restricts access based on roles. The business determines the roles and access rights afforded by the SHAPE Card. In a healthcare setting, for example, the clerk may need a patient’s insurance and billing information while the doctor needs access to clinical information.

And, finally, we had to ensure that someone couldn’t make a copy of the “key.” Our SHAPE system uses the MULTOS operating system, the most secure smart card operating system in the world. Despite being deployed to millions of users, MULTOS cards have never been hacked.

Almost every business should review and upgrade their data security. Data security is a harbinger of trustworthiness in many instances. Businesses with credit and other financial records may also be subject to the “Red Flags” Rules published by the Federal Trade Commission as well as a myriad of other laws and regulations addressing privacy and security of data. Healthcare providers have HIPAA to contend with in addition to the “Red Flags” Rules and other privacy and security regulations and protocols.

With identity theft on the rise and data breaches making the daily news, no one can afford to remain innocent. Yes, it is a loss of innocence that we have to lock our doors as well as lock our data. But, the silver lining in the clouds is that data security using the SHAPE Card is affordable, easy to implement and scalable.

Now, if I could only remember where I left my house keys!

SHAPE – Secure information at the tip of your finger.

“It’s 11 o’clock do you know where your personal health information is?” The new provisions in the American Recovery and Reinvestment Act of 2009 (ARRA) may make this a very expensive question if the answer is “no.”ARRA has new – and sweeping – provisions regarding the security of health information. “Covered entities” will be required to notify individuals within 60 days of any breaches of their personal health information. And, if the privacy breach involves 500 or more individuals, then the Department of Health and Human Services must be notified as well.”Business associates” will also be held to  much higher standards of maintaining the privacy and security of health records. HIPAA enforcement is extended to these entities, too.And, to counter critics that there was “a lot of HIPAA and not a lot of enforcement,” the new Act gives states attorneys general the authority to sue for HIPAA violations. This right had been reserved exclusively for the HHS’ Office of Civil Rights. State AGs will be able to seek statutory damages and attorneys fees on behalf of affected individuals in their states. State AGs are well-known for acting aggressively and rapidly, so HIPAA compliance will no longer be something to address “tomorrow.”These new provisions should cause anyone with sensitive medical information to reflect on the steps that they’ve taken – and need to take - to secure this data.At Secure Services Corporation, we believe that secure and encrypted data using our highly robust SHAPE (Secure Health And Privacy Environment) products will allow our customers to rest easy. They’ll know where the personal health information is at 11 o’clock and around the clock!SHAPE – Secure information at the tip of your finger.

HIPAA has too many letters to qualify as a “four letter word.” But, some medical providers – especially smaller practices – have given it that status. But, while many have focused on HIPAA, any breach of personal, healthcare or financial information can be costly to a business.A recent news article noted that retailers (large or small) credit unions and clinics all face the same problems as a huge firm if a breach in privacy occurs. Among the problems are government fines, lawsuits – individual and class-action, bad press and loss of customers. Most people in business don’t want to face any of these problems. A smaller firm faced with any – or all – of these problems is unlikely to survive them.May 2009 is the date for implementation of the Federal Trade Commission’s “Red Flags Rules.” These rules require many businesses – including healthcare providers – to implement a program to detect, prevent and mitigate instances of identity theft. Failure to comply with the rules could mean administrative penalties of up to $2,500 in fines per violation.Clearly, HIPAA, privacy and identity protection are concepts that warrant significant efforts if healthcare providers are going to thrive and consumers are going to remain confident in using their services. So, it’s time to stop cussing about our fate (another four letter word) and take action. Thankfully, Secure Services Corp. has developed affordable and interoperable solutions that help address these problems of security and identity protection. Help -  a four letter word that I like.SHAPE – Secure information at the tip of your finger.

I don’t know about you, but turning over my credit card to access three more numbers doesn’t strike me as a particularly robust security measure. After all, anyone having access to my credit card can be “me” for many Internet transactions. Thankfully, I’m financially protected when someone uses my credit cards fraudulently. But, we aren’t similarly protected when someone fraudulently uses – or steals - our medical information. That’s why three numbers or a robust password using numbers and letters is not sufficient. If someone represents himself as me and uses medical services, the results could be life threatening!That’s why our SHAPE Card™ using biometric match-on-card identity verification (the fingerprint is only on the card, not in a database) is so timely and so necessary. As we move more and more medical information electronically it becomes even more important to affirmatively identify and authenticate the person represented by that information. The SHAPE Card coupled with the biometric match-on-card authentication ensures that I am … “me.” SHAPE – Secure information at the tip of your finger.

Have you ever noticed how soothing the sound of waves washing up on the beach can be? But, when the wind is high that soothing sound becomes a menacing and snarling sound. Physicians and hospital administrators have – pretty much – found HIPAA compliance to be like soothing waves lapping at the shore. They’ve had years to adjust and little, if any, punitive actions taken by regulators if HIPAA is breached.Many experts are warning that HIPAA violations will soon be taken more seriously and violations will become more costly. The HIPAA violations that revealed Hollywood celebrities’ health issues may have been just the spotlight regulators and legislators needed to move forward.To revisit the beach, the first wave, HIPAA, established privacy and security requirements for medical information. Now, another wave is coming in, the “Red Flags Rules,” that require many businesses – including most healthcare providers – to implement a program to detect, prevent and mitigate instances of identity theft. The rules go into effect May 1, 2009.The “Red Flags Rules” apply to creditors. However, the Federal law defines a creditor as any entity that regularly extends, renews or continues credit; any entity that regularly arranges for the extension, renewal or continuation of credit; or any assignee of an original creditor who is involved in the decision to extend, renew or continue credit. As such, the Federal Trade Commission (FTC) has stated that most healthcare providers including physicians are required to comply with the rules. And, the FTC has noted that medical identity theft can have serious – even deadly – consequences.I don’t know about you but, I’m going to ride on top of these compliance waves by using the most robust privacy and security system using our SHAPE Card™ with biometric authentication right on the card. And, since our SHAPE solutions are easy-to-install, affordable and easy-to-use, they make compliance a “day at the beach.”I invite you to learn more about the SHAPE Card and how our SHAPE™ System (Secure Health And Privacy Environment) can address your HIPAA and “Red Flags Rules” compliance needs. SHAPE, the difference between a “day at the beach” and a wave that engulfs you and your practice!SHAPE – Secure information at the tip of your finger.