
News


5-15-2009 Stimulus Package Extends HIPAA Regulations to Business Associates

The American Recovery and Reinvestment Act, Title XIII, the HITECH Act (Health Information Technology for Economic and Clinical Health), extends HIPAA regulation to "business associates": third parties that create, receive, or maintain protected health information on behalf of a covered entity. Such firms will have to comply with the HIPAA privacy and security standards by next year. Before this bill, business associates were not directly regulated under HIPAA; their privacy and security obligations flowed only from the business associate contracts they signed with health care providers and other covered entities. Companies that handle digital patient information will no longer be able to limit their exposure to contractual liability, and will be held to the same stringent standards, and the same penalties, as the health care providers they serve.

In addition, the U.S. Department of Health & Human Services continues to release guidance on the disposal of protected health information and on breach notification. For more information, visit the HHS health information privacy site: http://www.hhs.gov/ocr/privacy/index.html

4-30-2009 FTC Suspends Red Flags Enforcement

The FTC's Red Flags Rule took effect on Nov 1, 2008. At that time the FTC suspended enforcement until May 1, 2009, and it has now granted another delay, until August 1, 2009, to give creditors and financial institutions more time to develop and implement written identity theft prevention programs. For entities at low risk of identity theft, such as businesses that know their customers personally, the Commission will soon release a template to help them comply with the Rule.

Some of the confusion stems from the definition of a creditor and from who is obligated to comply. Under the Rule, financial institutions and creditors that hold "covered accounts" (consumer accounts that permit multiple payments or transactions, or any other account that carries a reasonably foreseeable risk of identity theft) must have an identity theft prevention program to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. Federal law defines a creditor as any entity that regularly extends, renews, or continues credit. Accepting credit cards as a form of payment does not, in and of itself, make an entity a creditor. Examples of creditors include finance companies, automobile dealers, mortgage brokers, utility companies, telecommunications companies, hospitals, medical offices, and non-profit and government entities that defer payment for goods or services.

The Rule requires covered businesses to develop a written program that identifies and detects the relevant warning signs, or "red flags", of identity theft. These may include, for example, unusual account activity, fraud alerts on a consumer report, or the presentation of suspicious documents with an account application. The program must also describe appropriate responses that would prevent and mitigate identity theft, and state how the program will be updated as risks change. The program must be approved and overseen by the board of directors or senior management of the financial institution or creditor, include appropriate staff training, and provide for oversight of any service providers that handle covered accounts.

For more information, visit http://www.ftc.gov/opa/2009/04/redflagsrule.shtm