
July 13, 2006


Best of Niner Niner July 06

Niner Niner, a collaborative weblog network, has over 25 great blogs and this “Best Of” highlights just a few of the posts that were written by some of the Niner authors, in topics that range from High Heels, Ajax, HIPAA Privacy Regulation to gadgets, books and health. 

     

In Ajax Blog, Sreejith introduces us to a few new things. First is Vox, a new blogging service from Six Apart that uses WYSIWYG with a taste of web 2.0. After that we learn about Krun.ch and Wishlistr.

   

Blogging Naked: Scarification and lip plates are shown to be some of the newest and more popular forms of “self-expression” in recent years.

Bookadoodle: Nancy Callahan posted more in her series “Getting Published” and this latest edition was part 5.

Boomer 2.0 had posts that pointed out that boomers can still have that second career and another that shows many are not even planning retirement anytime soon.

In Class Action Questions find out about lawsuits involving pyramid scams, hair raising beauty product claims and why State Farm was penalized.

Credit Cardenza: Unfortunately, millions of people are drowning in credit card debt, have to worry about credit scams and fraud, and let’s not even talk about the international fees.

  

Dealsneak managed to sneak more than a few deals past us this summer, including the Samsonite laptop case, a gorgeous leather bench, and a sweet looking Thermaltake Tsunami computer case.

Feed Money discusses the fact that Ebay has jumped on the contextual ad bandwagon, as well as blog feeds and a program called RSS To Blog.

If you need to Fix Your Finances one of the first steps is learning how to save your money. After that you can check out Mvelopes to learn all about budgets.

At Games For Money you can find places to play free online gambling games and also learn some card counting tricks and tips.

  

The High Heels Blogs show us which killer heels are on sale, including boots, sandals, slides and mules. Also take a look at some killer wedding heels for this summer’s nuptials.

 

A few notable gadgets that were blogged in the HyperGadget blog were the Kurzweil-National Federation of the Blind Reader, and the jumbled and messy looking organizer.

Over at the Medcare Forum, Kathleen Milazzo tells us more about that scary mad cow disease and our medical privacy laws.

Find out just how much house you can afford before you go running off to get that mortgage. And is the housing bubble really ready to blow? All this and more in Mortgage Updates.

At My Secret Side Biz learn how to make a profit, how to get your own powerwash, and simple business and Ebay tips.

On Healthy Living: Sarah White tells us all about a new study that could help with asthma reduction when it comes to doing light exercise that involves steady breathing, like yoga.

On Movies has a decade of super heroes list that includes recent and unreleased movies. Leafworks reviewed The Omen and we got to see the trailer for the new Ghost Rider movie.

Powersellers Blog: Ebay has done it. They finally reached 200 million members and they are also expanding into new ideas. Also people are fed up with Paypal while crooks are finding more ways to defraud your account.

Seo Updates: Yahoo, one of the biggest email services, was hit with a worm, and Google expanded into real estate but won’t be making a browser, at least not anytime soon.

Get some free exercise tips from The Diet Logs. You will certainly need them if you plan to take a bite of this $100 burger.

Living the Single life? Well, take a look at some great break up lines, and if you’re looking to meet people, Leafworks posted a great review of club La Rumba.

Thumb Gods: Nintendo is no, no to the name Wii for their new console, a game system that is at the end of this long list containing The Evolution of Video Game Consoles.

Las Vegas Revealed that it was ill prepared for a massive disaster, but til then you can still get married and get comp’d in Vegas.

 

Wander the World, well the State of Colorado with Leafworks. He takes us to the Cherry Blossom Festival, Gothnic in Denver, Old Colorado City, Plaza del Arte Festival in Downtown Denver and Garden of the Gods.

April 14, 2006

Updated Brabeion Software Keeps Users Compliant

Brabeion Software has updated its products with new software called Brabeion Compliance Center 6.0. It allows users to keep up with regulatory compliance.

“With the addition of these regulatory modules, Chevron is better positioned to more proactively manage, deploy, and mitigate ongoing compliance efforts for SOX, HIPAA and other global regulatory requirements,” said Jay White, Global Information Protection Architect, Chevron. “Never before have we been able to implement easily and quickly such a comprehensive solution across our widely distributed information assets for compliance with external and internal regulations and security protocols.”

Brabeion Compliance Center is designed to significantly decrease the time and cost of implementing an IT compliance program, while providing unparalleled support for specific government and industry regulations. The solution includes modules for Sarbanes-Oxley (SOX), the Healthcare Information Privacy and Accountability Act (HIPAA), the Federal Information Systems Management Act (FISMA), the Gramm-Leach Bliley Act (GLBA), California SB 1386 and NIST 800-53. Brabeion Software plans to launch additional modules later this year.

Source: Thomas Net

April 12, 2006

Configuresoft’s Updated Manager Tool

Configuresoft makes software that helps clients manage their technology and privacy concerns. This software can audit and monitor both your hardware and software allowing you to spend your time elsewhere. Configuresoft has now updated this already impressive software.

Colorado Springs-based ConfigureSoft has upgraded its Enterprise Configuration Manager (ECM) software. The firm said yesterday that its latest version, 4.8, of its software tool adds a new dashboard capability, better support for operating system platforms, including new 64-bit Windows, and cross-platform toolkits for various compliance regulations. Configuresoft’s software is used for monitoring IT infrastructure for compliance with Sarbanes-Oxley (SOX), HIPAA, and other regulations.

Source: Tech Rockies

May 02, 2005

IBM and Accenture Buy Health Care Firms

Just catching up on a bit of HIPAA / Healthcare / Privacy news of late.

Seems IBM announced that it was acquiring Healthlink, the largest U.S. consulting firm dedicated to the health-care industry.

Rochelle Garner of CRN reports:

IBM announced Tuesday that it will buy Healthlink, the largest U.S. consulting firm dedicated to the health-care industry. The acquisition gives IBM Global Services the domain expertise of Healthlink’s 550-person professional organization, including 300 physicians, nurses and pharmacists. Terms of the deal were not disclosed.

The acquisition is the second in one week in which a large IT consulting company acquired the health-care expertise of another. Last week, Accenture paid $175 million to buy the U.S. health-care practice of Capgemini. The 600 North American employees of Europe’s largest consulting company will join Accenture’s Health and Life Sciences practice in North America, the companies said. Paris-based Capgemini will retain its outsourcing contracts with U.S. health-care clients as well as continue health-care consulting in the federal public sector.

April 26, 2005

New Linux HIPAA Software by Ecora

A Linux news site is reporting:

Ecora has released Enterprise Auditor version 3.6 that includes its new HIPAA Report Pack, a collection of more than 150 pre-built report definitions that address the technical and administrative safeguards of the HIPAA security standard.

“The manual process of preparing for a HIPAA security audit is time consuming, resource intensive, and prohibits sustainability,” said Alex Bakman, founder and CEO of Ecora. “When organizations look at technology for compliance, they need to consider automated solutions such as our Enterprise Auditor that can cost-effectively help them maintain compliance in a repeatable and sustainable manner.”

Read more here

April 22, 2005

HIPAA Deadline Passes with Little Fanfare

Well, the deadline to complete the security requirements of HIPAA passed yesterday with little fanfare.

Internet News has the scoop:

“Considering everything that is involved with compliance, there are a lot of factors as to why some companies may not have completed it,” Earl Crane, a senior consultant with Foundstone Professional Services, said. Foundstone, a subsidiary of McAfee, is a leading HIPAA consultant and security software provider.

Some scary compliance stats:

However, a study from Information Technology Solution Providers Alliance shows that only 30 percent of health plans and 18 percent of health care providers in the SMB market are in compliance with the regulations.

“They’ve got their own fires to put out,” Crane said. “It doesn’t happen out of laziness but rather a crunch for resources,” he said.

Read more here

April 15, 2005

More HIPAA Violations & Private Data Theft News

Techweb reports:

Enforcement of the security regulations–like earlier HIPAA rules for privacy–will be complaint-driven, he says. Since the HIPAA privacy regulations, which identify what personal health information needs to be protected, took effect two years ago this month, there have been nearly 11,000 complaints filed to the federal government by patients and others. As of January, about 62% of those privacy-violation complaints had been resolved, according to CMS. The others are still being processed or have been turned over to the Justice Department for criminal investigation.

Interesting survey stats:

A survey conducted earlier this year by Privacy and American Business and Harris Interactive showed that 70% of Americans are concerned that their personal health information could be disclosed because of weak data security, and 69% think electronic health records could result in the sharing of their health information without their knowledge. Sixty-five percent think patients will withhold information from doctors because of those concerns.

Some background on HIPAA, and Bush’s goals for electronic medical records:

HIPAA, which was passed by Congress in 1996, was written before the more recent federal push to have the health industry replace paper-based patient files with digital records. The Bush administration last year set a goal for most Americans to have electronic health records by 2014. The government estimates that billions of dollars can be saved annually in the United States by widespread IT deployments that can help reduce medical errors, costs, and waste.

April 08, 2005

Help with HIPAA, SOX, and GLBA Compliance

Here at HIPAA Blog, we learn new acronyms on a nearly daily basis (okay, maybe weekly).

Apparently Sarbanes-Oxley is now affectionately referred to as SOX.

GLBA? That’s short for the Gramm Leach Bliley Act.

Hopefully our longtime readers know what HIPAA stands for, but if you’re new to this business, HIPAA stands for:
Health Insurance Portability and Accountability Act

Windows IT Pro magazine has a blurb about Vigilar, which just launched a new feature called AuditPass. Vigilar even has a money-back guarantee that your company will pass compliance and audit checks. Sounds good to me!

Mark Joseph Edwards of Windows IT Pro magazine:

Vigilar announced a new service aimed at helping companies comply with Sarbanes-Oxley (SOX), the Gramm Leach Bliley Act (GLBA), and the Health Insurance Portability and Accountability Act (HIPAA). A compelling feature of Vigilar’s new AuditPass program is that they offer a money-back guarantee that your company will pass compliance and audit checks.

“[A]n organization-wide, systematic approach is critical in sustaining compliance quarter after quarter, which not only minimizes the overall cost of compliance, but also ensures that the entire organization is in compliance and consistently stays ahead of regulatory requirements and deadlines,” said Vigilar President and CEO, Palaniswamy Rajan.

Read more here

March 15, 2005

2-Factor Authentication good enough for HIPAA?

Nice article by Bruce Schneier, once again confirming that he is an excellent thinker when it comes to network security issues.

Thinking about implementing 2-factor authentication as part of your HIPAA-compliance strategy? Don’t rely too much on this technique, since attackers are beginning to actively target valuable information in ways that defeat 2-factor authentication.

Two-Factor Authentication: Too Little, Too Late

Unfortunately, the nature of attacks has changed over those two decades. Back then, the threats were all passive: eavesdropping and offline password guessing. Today, the threats are more active: phishing and Trojan horses.

Here are two new active attacks we’re starting to see:

Man-in-the-Middle Attack. An attacker puts up a fake bank website and entices user to that website. User types in his password, and the attacker in turn uses it to access the bank’s real website. Done right, the user will never realize that he isn’t at the bank’s website. Then the attacker either disconnects the user and makes any fraudulent transactions he wants, or passes along the user’s banking transactions while making his own transactions at the same time.

Trojan attack. Attacker gets Trojan installed on user’s computer. When user logs into his bank’s website, the attacker piggybacks on that session via the Trojan to make any fraudulent transaction he wants.

See how two-factor authentication doesn’t solve anything? In the first case, the attacker can pass the ever-changing part of the password to the bank along with the never-changing part. And in the second case, the attacker is relying on the user to log in.

The real threat is fraud due to impersonation, and the tactics of impersonation will change in response to the defenses. Two-factor authentication will force criminals to modify their tactics, that’s all.

HIPAA Regulations Force Medical Practices to Reconsider Email and Web Communications

Filed under: — Gabriel @ 2:27 am


Hagerstown, MD (PRWEB) March 5, 2005 — The latest updates to the Health Insurance Portability and Accountability Act (HIPAA) call for health care providers to adopt secure communication practices to protect Patient Identifiable Data. While not specific as to which technologies should be used, HIPAA does require physicians and health care providers to examine their use of email and online communication and take appropriate measures to ensure that private information is not compromised. Until recently, this meant implementing an expensive secure server or Virtual Private Network (VPN) solutions, or avoiding the use of email and online communication altogether. Recent software developments and innovations, however, have put HIPAA-compliant email and web solutions within reach of the small health-care provider and physician practice.

DatAchieve Digital is introducing ArticSoft’s FormsAssurity product to its suite of medical web development solutions. Unlike earlier security solutions, FormsAssurity encrypts both web-based email and web inquiry forms on the user’s desktop level, before any information is ever sent over the Internet or stored on a server. “We’re excited about the possibilities this offers both physicians and patients,” said David Layton, Director of Business Operations for DatAchieve. “Many small practices have their hands tied when it comes to using email to communicate with patients or staff, and it can be frustrating for a patient to be unable to request a prescription refill or schedule an appointment from their family doctor’s web site.” “FormsAssurity will enable us to offer that convenience to both patients and physicians.”

More HIPAA technology solutions on the horizon for sure…

Via PRWeb

November 14, 2004

InfoWorld: SSL VPN security threatened by desktop search engines

If you’ve installed Google’s new desktop search tool, you might want to consider the security issues of having software that caches SSL-encrypted traffic specifically so it can be rapidly and easily searched. This has clear implications for administrators responsible for maintaining HIPAA-secure information technology.

InfoWorld: SSL VPN security threatened by desktop search engines: November 12, 2004: By Tim Greene, Network World Fusion : SECURITY

New PC indexing tools such as Google Desktop Search pose security risks to businesses that use SSL remote access because the tools copy material accessed during SSL sessions and make it available to unauthorized people who later use the same PC.

Read entire article

(Via HIPAA Clicks - HIPAA RSS feeds)

October 18, 2004

PRESS RELEASE: $99 HIPAA Compliance Automated Software Product Introduced by 3DGrid

Looks like there is a free trial download for this product. Might be worth checking out if you’re a small operation in need of a low-cost solution. We haven’t tried this or evaluated it, so this is just a heads-up — another company advertising solutions for HIPAA compliance, this time with potentially a pretty reasonable price tag.


HIPAA Checkup Essentials — Low Cost product created by the leading HIPAA compliance solution provider for small and medium sized practices.

SEATTLE (PRWEB) October 18, 2004 — 3DGrid, Inc., the leading provider of HIPAA compliance solutions for small and medium sized healthcare practices, today announced the launch of HIPAA Checkup Essentials, a tool that provides essential HIPAA compliance resources for $99.

The tool is a sophisticated primer designed to help practices begin to meet their HIPAA Security compliance requirements. HIPAA Checkup Essentials is designed for practices that are unsure of how much or how little they might need to do for the forthcoming HIPAA Security Rule, but are willing to do some of the basics to get started. The product can be upgraded to the full HIPAA Checkup Suite with minimal effort and cost.

“We built HIPAA Checkup Essentials for the small practice that is unsure of its obligation under the HIPAA Security Rule, but wants to make sure to cover the basics. If the practice comes to understand the value of a fully automated compliance solution, we will upgrade them to the HIPAA Checkup Suite in a seamless fashion.” said Tobin Arthur President and CEO of 3DGrid.

HIPAA Checkup Essentials is now the premier HIPAA compliance product on the market under $100. The product was developed in response to requests by some practices that just wanted the essential form and policy templates needed to get their HIPAA documentation underway.

About 3DGrid Healthcare Solutions
3DGrid Healthcare Solutions is a Seattle-based software development firm dedicated to cost-effectively delivering Fortune 500-quality technologies to the small and medium sized healthcare practice environment. The 3DGrid team is focused on reducing practice risk while giving providers more time … time to generate more revenue or time to live life to the fullest. HIPAA Checkup does this by helping doctors and administrators of small to medium sized practices achieve compliance quickly, with relative ease and minimal expense. For more information, please contact 3DGrid at telephone 866-3DGrid-1 or visit us online at www.3DGrid.com.

Contact:
3DGrid
1952 1st Ave. South #3
Seattle, WA 98134
Tel (206) 568.3434
Fax (206) 464.9993
Web www.3dgrid.com

October 17, 2004

Is Microsoft Small Business Server 2003 HIPAA Compliant?

Filed under: — Gabriel @ 1:09 am

Someone at Microsoft got a phone call about whether or not Microsoft Small Business Server 2003 is HIPAA compliant because it has two network cards.

So today I get asked if there is anything in HIPAA….

So I’m on the phone today and get asked if there is anything in HIPAA that says that ISA server/SBS 2003 is not HIPAA compliant because it has two Network cards.

The final answer to the question was:

Where’s your weak spots? That’s where you need to be focusing your time and budget on.

Counting network cards is not the way to more security.

Amen, sister. :)

October 16, 2004

Medical records go online

Filed under: — sbraford @ 5:01 pm

More and more, companies are developing HIPAA compliant software that allows doctors and patients to access their medical records while still protecting privacy.

Medical records go online

InteGreat has developed five modules so far. Doctors can process prescriptions electronically, track orders and document their encounters with patients.

Building its Web-based products from scratch and building them in modules sets InteGreat apart, Koeller said.

While the idea of electronic medical records has been around for more than 25 years, Koeller blames the failures of early products for the slow adoption rate.

“More failed than were successful because they required physicians to change the way they practice,” he said. “Today, systems adapt to the way the physician practices.”

Besides patients driving demand for online service, government agencies and health insurers also are pushing for medical records to go electronic, say Koeller and Mark Anderson, chief executive officer of the AC Group Inc. research firm in Texas.

Excluding hospitals, the market for EMR software is expected to grow from $500 million this year to $5 billion in 2008, Anderson said. But with 270 companies selling EMR software, most of them small players like InteGreat, there will have to be shakeouts in the years ahead, he said.

InteGreat is well positioned, though, Anderson said. Doctors want products that are easy to use, and the ability of InteGreat’s products to share information across a patient’s community of doctors sets it apart, he said.

(Via Jeff’s HIPPA Blog)

October 12, 2004

EnCase keeps tabs on compliance complexity

Filed under: — sbraford @ 3:48 am

Guidance Software describes EnCase as a “network-enabled forensics, incident response, and security analysis tool.” Not only capable of ensuring your systems are properly patched, EnCase is fed by your intrusion detection system to closely track attacks and record them with snapshots for later review. Further, EnCase is an excellent tool for automating compliance testing for stringent regulations such as HIPAA. Companies can quickly search through servers and workstations from a single console for sensitive documents and images, then determine how files have been distributed through the enterprise and by whom.

Read the full article here.