Wednesday, December 15, 2010
2011 Data Security and Privacy Trends
Contact me at witsowitz@m2powerinc.com for a copy of the 2011 Data Security and Privacy Trends. You will be surprised and it will affect more small businesses and professions such as medicine, law, and accounting.
Wednesday, December 8, 2010
House and Senate Pass Red Flag Exclusion
The House and Senate agreed that physicians should not be identified as creditors under the FTC regulation known as the Red Flag Rule. It now awaits President Obama's signature. That does not mean that the medical industry has dodged a bullet in its responsibilities to protect identities.
While emphasis is on HIPAA as it relates to privacy and identity theft protection, let us not forget that as much as they may be intertwined in data collection and storage requirements they are not intertwined events when used criminally. One can steal an identity and not PHI [protected health information] and vice versa. There is no criminal trafficking of PHI. There is criminal trafficking of identities. Identity theft is lucrative and desired among thieves. It's easy to steal and in medicine it is used to gain access to expensive treatments and drugs. It is also lucrative because it is a repeatable crime that only requires gaining access to the information one time and using it or selling it over and over again. Once identities are stolen it can victimize individuals for years.
PHI, if inappropriately leaked, subjects medical personnel to consequences based upon company policy and subjects the company to HIPAA violations. The harm to the patient in most cases is either embarrassment or personal damages (including possibly economic). Identity theft subjects patients to potential loss of life, limb and civil liberties because there is more than one record out on the same identity. Talk about medical errors.... How is the doctor, NP, RN, or PA charged with treating the patient going to know which is right? How is a receptionist in an ER room or doctor's office going to know? The answer is they can't know 100% for sure.
Be advised that a trend is appearing among state attorney generals that if HIPAA violations occur, they will tack on requirements to include identity restoration as part of the damages. Connecticut was the first to shoot that arrow over the bow and many more are following. Massachusetts set a law in place that if you have a Massachusetts resident doing business in your organization that you are subject to Massachusetts identity laws or don't do business with a Massachusetts resident. The same goes for treating them. So the subject of identity theft is not going away nor is the obligations to conform to state requirements and among other authorities.
While I empathize with my medical industry brethren about not wanting to duplicate or add on any more unfunded mandates than is humanly able, this is one "red flag" we simply cannot ignore. It infiltrates our communities, our schools, our jobs, and our friends and families. It costs more financial loss than HIPAA violations. It cannot be stopped only controlled. Following HIPAA guidelines in good faith is prudent. When you protect an identity you not only save the company and your jobs, but you also save people a lifetime of heart ache and you save their lives.
While emphasis is on HIPAA as it relates to privacy and identity theft protection, let us not forget that as much as they may be intertwined in data collection and storage requirements they are not intertwined events when used criminally. One can steal an identity and not PHI [protected health information] and vice versa. There is no criminal trafficking of PHI. There is criminal trafficking of identities. Identity theft is lucrative and desired among thieves. It's easy to steal and in medicine it is used to gain access to expensive treatments and drugs. It is also lucrative because it is a repeatable crime that only requires gaining access to the information one time and using it or selling it over and over again. Once identities are stolen it can victimize individuals for years.
PHI, if inappropriately leaked, subjects medical personnel to consequences based upon company policy and subjects the company to HIPAA violations. The harm to the patient in most cases is either embarrassment or personal damages (including possibly economic). Identity theft subjects patients to potential loss of life, limb and civil liberties because there is more than one record out on the same identity. Talk about medical errors.... How is the doctor, NP, RN, or PA charged with treating the patient going to know which is right? How is a receptionist in an ER room or doctor's office going to know? The answer is they can't know 100% for sure.
Be advised that a trend is appearing among state attorney generals that if HIPAA violations occur, they will tack on requirements to include identity restoration as part of the damages. Connecticut was the first to shoot that arrow over the bow and many more are following. Massachusetts set a law in place that if you have a Massachusetts resident doing business in your organization that you are subject to Massachusetts identity laws or don't do business with a Massachusetts resident. The same goes for treating them. So the subject of identity theft is not going away nor is the obligations to conform to state requirements and among other authorities.
While I empathize with my medical industry brethren about not wanting to duplicate or add on any more unfunded mandates than is humanly able, this is one "red flag" we simply cannot ignore. It infiltrates our communities, our schools, our jobs, and our friends and families. It costs more financial loss than HIPAA violations. It cannot be stopped only controlled. Following HIPAA guidelines in good faith is prudent. When you protect an identity you not only save the company and your jobs, but you also save people a lifetime of heart ache and you save their lives.
Tuesday, November 23, 2010
Keeping Your Identity Safe During the Holidays
Our exposure to Identity theft is stronger during the holiday season.
Kroll Fraud Solutions Center posted the following tips to keep your personal information safer
Tip#1
Before you hit the stores, the very first thing you should do is take stock of what you are bringing along with you. Clean out your purse or wallet and remove unnecessary key identity components or valuables. Take inventory of whatever you will be carrying. That way, you’ll know what was taken if your purse or wallet is lost or stolen.
For added protection, keep your valuables with you at all times – your purse, wallet, or cell phone is not safer in your locked car than in your possession. Thieves know this is a common habit and will be scanning the parking lots looking for cars they can break in to.
Consider your preferred method of payment before heading out – there are pros and cons to each, and it’s up to the consumer to determine which best suits his or her needs. Generally, from a theft standpoint, credit cards are a safer bet because, unlike debit cards, you usually have more protection against fraudulent charges – many credit cards have a zero liability policy. Cash is another option, but while you will not have to worry about personal identifiers, it will be gone for good if your purse or wallet is stolen. Take your checkbook only if it’s absolutely necessary – stolen checks can turn into an ongoing forgery nightmare and give the thief direct access to your checking account.
Finally, be stingy with your personal information. If a store clerk asks what seems like too much personal information during a transaction, remember that you have a right to ask why it’s needed. Some stores ask for phone numbers or zip codes for customer tracking – sharing this information won’t necessarily increase your risk of identity theft. Beware of shoulder surfers and shield your PIN number while entering it on a keypad. Resist the temptation to apply for credit at the register – you may get a hefty discount on your purchases, but there’s added risk at this time of year that your identifiers will be exposed. Someone may overhear your information or, if it is written down, the paperwork can be easily misplaced.
Tip#2
Contrary to popular belief, online shopping does not necessarily carry any additional risk for identity theft than shopping in the store, provided you are taking reasonable precautions. However, it’s important to remember that thieves generally step up their activities during the holiday season – the increase in online traffic and transaction levels offer plenty of opportunities to steal data.
It sort of goes without saying, but you should never use a public computer (like those found at the library) to perform online financial transactions. Likewise, if the coffee shop is offering free – yet unsecured – wi-fi, don’t be tempted to buy anything there, either. These are high-risk scenarios that offer little protection to the consumer. You never know if a public computer contains spyware, such as a keylogger or some type of malware, and it is very easy for thieves to steal data via unsecured wireless internet hookup.
Even when using a computer you trust, you should make sure you have installed your security software’s latest update and run a scan of your computer. Beyond that, practice smart shopping by visiting reputable sites and being careful not to fall for phishing scams that will try to trick you into giving up or exposing personal information. Some sites may offer great deals, but be skeptical about the level of safety they provide for financial transactions.
Just as you would keep receipts from the stores, keep a record of all your online transactions. Check your debit/credit accounts daily and make sure only the transactions you’ve authorized have been registered. If you see any unauthorized transactions, dispute them with your financial institution immediately. If you haven’t received your monthly statement, call the financial institution to verify that no one has changed the address on your account.
Contact me for more information about how you can protect your identity and that of your company as well.
Happy Thanksgiving
Kroll Fraud Solutions Center posted the following tips to keep your personal information safer
Tip#1
Before you hit the stores, the very first thing you should do is take stock of what you are bringing along with you. Clean out your purse or wallet and remove unnecessary key identity components or valuables. Take inventory of whatever you will be carrying. That way, you’ll know what was taken if your purse or wallet is lost or stolen.
For added protection, keep your valuables with you at all times – your purse, wallet, or cell phone is not safer in your locked car than in your possession. Thieves know this is a common habit and will be scanning the parking lots looking for cars they can break in to.
Consider your preferred method of payment before heading out – there are pros and cons to each, and it’s up to the consumer to determine which best suits his or her needs. Generally, from a theft standpoint, credit cards are a safer bet because, unlike debit cards, you usually have more protection against fraudulent charges – many credit cards have a zero liability policy. Cash is another option, but while you will not have to worry about personal identifiers, it will be gone for good if your purse or wallet is stolen. Take your checkbook only if it’s absolutely necessary – stolen checks can turn into an ongoing forgery nightmare and give the thief direct access to your checking account.
Finally, be stingy with your personal information. If a store clerk asks what seems like too much personal information during a transaction, remember that you have a right to ask why it’s needed. Some stores ask for phone numbers or zip codes for customer tracking – sharing this information won’t necessarily increase your risk of identity theft. Beware of shoulder surfers and shield your PIN number while entering it on a keypad. Resist the temptation to apply for credit at the register – you may get a hefty discount on your purchases, but there’s added risk at this time of year that your identifiers will be exposed. Someone may overhear your information or, if it is written down, the paperwork can be easily misplaced.
Tip#2
Contrary to popular belief, online shopping does not necessarily carry any additional risk for identity theft than shopping in the store, provided you are taking reasonable precautions. However, it’s important to remember that thieves generally step up their activities during the holiday season – the increase in online traffic and transaction levels offer plenty of opportunities to steal data.
It sort of goes without saying, but you should never use a public computer (like those found at the library) to perform online financial transactions. Likewise, if the coffee shop is offering free – yet unsecured – wi-fi, don’t be tempted to buy anything there, either. These are high-risk scenarios that offer little protection to the consumer. You never know if a public computer contains spyware, such as a keylogger or some type of malware, and it is very easy for thieves to steal data via unsecured wireless internet hookup.
Even when using a computer you trust, you should make sure you have installed your security software’s latest update and run a scan of your computer. Beyond that, practice smart shopping by visiting reputable sites and being careful not to fall for phishing scams that will try to trick you into giving up or exposing personal information. Some sites may offer great deals, but be skeptical about the level of safety they provide for financial transactions.
Just as you would keep receipts from the stores, keep a record of all your online transactions. Check your debit/credit accounts daily and make sure only the transactions you’ve authorized have been registered. If you see any unauthorized transactions, dispute them with your financial institution immediately. If you haven’t received your monthly statement, call the financial institution to verify that no one has changed the address on your account.
Contact me for more information about how you can protect your identity and that of your company as well.
Happy Thanksgiving
Monday, November 1, 2010
Is this really the age of healthcare reform?
While suggestions and solutions about how to fix healthcare vary, what is clear is that the election is not resulting in new ideas only rhetoric and fear of change for the purpose of swaying votes. It is about the people or is it about the party?
What is also clear is that the strategy to decide how to reform healthcare in our communities is based on money. Hasn't that strategy already demonstrated how faulty it is? It is not to say that money should not be a consideration. It is to say that money should not be the leading criteria.
For example many doctors grappling with how to shape their practices in the coming decade tend to decide based upon the ability to earn more money first and infrastructure second. When considering whether to become an accountable care organization in the next 14 months most physicians speak about the end result of gaining more income.
History will tell you time and again the failures of approaching growth in that specific manner. Yet like countless of other fads we've seen in the past 20 years, the hype is driving action rather than reality. Becoming an accountable care organization is a good idea that requires a great deal of thought least of which should be about the shared savings physicians may or may not enjoy.
Until we are willing to change our viewpoints about what's really important and in what order of importance, healthcare reform will not succeed well whether under Republican, Democrat, Independent, Libertarian, Social, or Green rule. Is it about the people or is it about the doctor? Is it about the people or is it about the party? Is it about the people or is it about money? As patients we need to do the same. Is it about the care and the cost of it or is it about the value of it and how you define value of care?
Perhaps healthcare should be approached like a business model with a social responsibility. It encompasses so much more than how to make more money or how to save it. Using the 6P method established by Kris Rajan of CoGrow Inc, a practice would have a better chance at long term success.
You can find the 6P model in the book "The Blatant Truth About Owning A Medical Practice".
What is also clear is that the strategy to decide how to reform healthcare in our communities is based on money. Hasn't that strategy already demonstrated how faulty it is? It is not to say that money should not be a consideration. It is to say that money should not be the leading criteria.
For example many doctors grappling with how to shape their practices in the coming decade tend to decide based upon the ability to earn more money first and infrastructure second. When considering whether to become an accountable care organization in the next 14 months most physicians speak about the end result of gaining more income.
History will tell you time and again the failures of approaching growth in that specific manner. Yet like countless of other fads we've seen in the past 20 years, the hype is driving action rather than reality. Becoming an accountable care organization is a good idea that requires a great deal of thought least of which should be about the shared savings physicians may or may not enjoy.
Until we are willing to change our viewpoints about what's really important and in what order of importance, healthcare reform will not succeed well whether under Republican, Democrat, Independent, Libertarian, Social, or Green rule. Is it about the people or is it about the doctor? Is it about the people or is it about the party? Is it about the people or is it about money? As patients we need to do the same. Is it about the care and the cost of it or is it about the value of it and how you define value of care?
Perhaps healthcare should be approached like a business model with a social responsibility. It encompasses so much more than how to make more money or how to save it. Using the 6P method established by Kris Rajan of CoGrow Inc, a practice would have a better chance at long term success.
You can find the 6P model in the book "The Blatant Truth About Owning A Medical Practice".
Thursday, October 21, 2010
Identity Theft up 123%
According to a report by the US Treasury Department, identity theft rose 123% in the past 5 years. The question that begs to be asked is why we aren't taking it seriously? Most believe that monitoring will be enough. What if I told you that monitoring only covers less than 20% of identity theft? Most of identity theft has nothing to do with credit cards and credit reports and if you wait for it to notify you, it's too late.
When you think that all it takes is knowing your name and your date of birth to steal your identity then everyone is at risk because the only form of proving your identity is your driver's license and it has enough information to steal it, use it, and repeatedly abuse it for years to come.
Protecting it is useless if it doesn't include a plan what you are going to do when it happens to you. Ask the 22 year old I met at Applebees the other day when I inquired about how they ID people. Her identity was stolen when she was 6 years old and she just found out. Six hundred hours won't begin to cover what has to be reversed in her case. The cost will be with her for a lifetime. For others the cost will be their lives.
When you think that all it takes is knowing your name and your date of birth to steal your identity then everyone is at risk because the only form of proving your identity is your driver's license and it has enough information to steal it, use it, and repeatedly abuse it for years to come.
Protecting it is useless if it doesn't include a plan what you are going to do when it happens to you. Ask the 22 year old I met at Applebees the other day when I inquired about how they ID people. Her identity was stolen when she was 6 years old and she just found out. Six hundred hours won't begin to cover what has to be reversed in her case. The cost will be with her for a lifetime. For others the cost will be their lives.
Monday, October 4, 2010
State of Connecticut Acts
Five Days ago the State of Connecticut imposed upon all licensed insurance agents, of any type, the responsibility of reporting any identity theft breaches their clients inform them about to the attorney general's office. The attorney general has already taken the stance that any privacy breach that occurs in their state will require identity theft consultation and recovery as part of a company's responsibilities.
Three and one half percent of identities stolen are compromised and the costs to business grows exponentially. Not too many companies do full restoration really. Connecticut fired the first shot. How far behind do you think other states are in enacting the same requirements?
So tell me have you done your privacy prebreach preparedness yet? Do you know if it was done well? Take my test and find out.
As it relates to identity protection "How Naked Are You?" Take the Test. Get Your Score.
Three and one half percent of identities stolen are compromised and the costs to business grows exponentially. Not too many companies do full restoration really. Connecticut fired the first shot. How far behind do you think other states are in enacting the same requirements?
So tell me have you done your privacy prebreach preparedness yet? Do you know if it was done well? Take my test and find out.
As it relates to identity protection "How Naked Are You?" Take the Test. Get Your Score.
Friday, August 27, 2010
For Propriety Sake
For Propriety Sake
My mother passed away four months ago. Recently I began receiving solicitations by mail offering my Mom free services and discounts to local businesses. When I called them to find out how they got my address in New York connected with my Mom’s name from Florida, they told me they bought it from a list broker. When I inquired again with the list brokers, I was advised that they buy their lists from the credit bureaus. Yes you read it right. Experian, Equifax, and Transunion sell our information to list brokers for a fee.
It appears that when we advise credit card companies of the death of a credit card holder they record the correspondent address of the next of kin in their records. They then contact the credit agencies of a change of address which is mistaken as a move to a new neighborhood. As such the list is sold to local business as a new move. While the social security administration is responsible to notify the credit bureaus of a loved one’s demise, it will take a long period of time, leaving the door open to these disconcerting actions.
What is equally troubling is the ability to get all three agencies to stop selling it. The online and customer service centers are designed to work with live individuals who have had their credit reports compromised. There is no support for the death of a loved one. After two months of trying I finally went to the corporate offices of each credit bureau. One effort required getting help at the president’s office.
Here’s what you need to know in order to remove your lost loved one’s information:
• Get a copy of the death certificate.
• Contact Transunion at 800-987-3670 and request Mary Litwa or her department. She will then request you fax her a copy of the death certificate. Stress that you are requesting the suppression of your loved one’s information.
• Contact Equifax at 404 885-800. Request someone in special disputes. They will provide direction to fax the death certificate to 888 826-0573. However you will need to talk to them first to provide appropriate information.
• Send a letter to Experian with a copy of the death certificate and power of attorney or proof of executorship to PO Box 9701 Allen, Tx 75013. Request the “opt out” department.
• Contact the Direct mail association online at https://www.ims-dm.com/cgi/ddnc.php. Register the information of your loved one to stop mail solicitations.
• Make sure you have identity theft protection for your parents long before they become ill and need our support to protect their identities in life and in death. Go to www.ID247.com to get the most support as well as a discount. Contact me for the discount code. They were recently rated by consumer magazine and a copy of that article is available by emailing ester.horowitz@apsaintl.com. Put in the subject consumer magazine.
Identity theft is a growing crime. Dormant social security numbers are a panacea for thieves once it is discovered that is it dormant due to death, incarceration, or an underage child. Don’t give them the chance to learn it. Make sure you notify the primary credit bureaus to suppress the use of their information for any reason.
My mother passed away four months ago. Recently I began receiving solicitations by mail offering my Mom free services and discounts to local businesses. When I called them to find out how they got my address in New York connected with my Mom’s name from Florida, they told me they bought it from a list broker. When I inquired again with the list brokers, I was advised that they buy their lists from the credit bureaus. Yes you read it right. Experian, Equifax, and Transunion sell our information to list brokers for a fee.
It appears that when we advise credit card companies of the death of a credit card holder they record the correspondent address of the next of kin in their records. They then contact the credit agencies of a change of address which is mistaken as a move to a new neighborhood. As such the list is sold to local business as a new move. While the social security administration is responsible to notify the credit bureaus of a loved one’s demise, it will take a long period of time, leaving the door open to these disconcerting actions.
What is equally troubling is the ability to get all three agencies to stop selling it. The online and customer service centers are designed to work with live individuals who have had their credit reports compromised. There is no support for the death of a loved one. After two months of trying I finally went to the corporate offices of each credit bureau. One effort required getting help at the president’s office.
Here’s what you need to know in order to remove your lost loved one’s information:
• Get a copy of the death certificate.
• Contact Transunion at 800-987-3670 and request Mary Litwa or her department. She will then request you fax her a copy of the death certificate. Stress that you are requesting the suppression of your loved one’s information.
• Contact Equifax at 404 885-800. Request someone in special disputes. They will provide direction to fax the death certificate to 888 826-0573. However you will need to talk to them first to provide appropriate information.
• Send a letter to Experian with a copy of the death certificate and power of attorney or proof of executorship to PO Box 9701 Allen, Tx 75013. Request the “opt out” department.
• Contact the Direct mail association online at https://www.ims-dm.com/cgi/ddnc.php. Register the information of your loved one to stop mail solicitations.
• Make sure you have identity theft protection for your parents long before they become ill and need our support to protect their identities in life and in death. Go to www.ID247.com to get the most support as well as a discount. Contact me for the discount code. They were recently rated by consumer magazine and a copy of that article is available by emailing ester.horowitz@apsaintl.com. Put in the subject consumer magazine.
Identity theft is a growing crime. Dormant social security numbers are a panacea for thieves once it is discovered that is it dormant due to death, incarceration, or an underage child. Don’t give them the chance to learn it. Make sure you notify the primary credit bureaus to suppress the use of their information for any reason.
Subscribe to:
Posts (Atom)
