Be on the wave or under it
The News – 07/23/02
Why You Need to Get Hip to HIPAA
The Health Information Portability and
Accountability Act of 1996 (HIPAA) is a broad-based piece of
legislation that addresses many aspects of health care and health
insurance. It is tempting for companies not directly involved
in health care to dismiss HIPAA as not being relevant to their
businesses. This could be a significant mistake. There are two
areas in which HIPAA will affect all businesses.
The first involves the fact that HIPAA,
along with another piece of legislation, the Gramm-Leach-Bliley
Act (GLB), will set a practical and, more importantly, a legal
standard for best-demonstrated security practices. The second
impact of HIPAA will be in creating new software and standards
for the secure exchange of information. First, let’s take a
look at HIPAA’s effect on best-demonstrated practices. We’ll
look at the second effect in the next SNS.
Because it codifies in law a set of security,
privacy, and confidentiality standards, HIPAA will create de
facto standards for all organizations. Until the advent
of HIPAA (and GLB in banking), when a network intrusion case
went before a judge and jury, there wasn’t a single body of
law to refer to in assessing whether a company’s security practice
was consistent with industry standards.
Prosecutors who were trying hackers often
had to assert that a company provided adequate defense against
a hack attack by calling expert witnesses who gave their opinions.
Obviously this left the matter open to interpretation, to the
point that even the inclusion of the word “Welcome” on a logon
screen became a defense against an intrusion – after all, you
welcomed people into your network!
Now there’s a standard, in black and white
legislation, for best-demonstrated security practices, and Matthew
Yarbrough, who heads the cyberlaw practice in Fish
& Richardson’s Dallas office, thinks any savvy defense
attorney will leverage this fact.
All the attorney needs to do is to take
a company’s chief security officer through a checklist of HIPAA
requirements, asking, “Did your company do this? How about this?”
HIPAA becomes a blueprint to attack the idea that a plaintiff
company provided a sufficient defense against intrusion. If
the company didn’t pass the HIPAA checklist test, it could easily
lose the case because its security practices weren’t adequate.
And let's not even think of the possibility of shareholder
Of course, HIPAA deals with privacy and
confidentiality as well, and companies would be additionally
vulnerable in those areas. “For proof of that,”
Yarbrough says, “you
can turn to the case
of Kaiser Permanente. In August of 2000, the mammoth health
insurer accidentally sent 19 of its members e-mails meant for
other patients. Included in the snafu were routine matters and
one member’s question about a sexually transmitted disease.
A year later, it was Eli Lilly’s turn. The pharmaceutical giant
sent an e-mail to about 600 users of its medications for depression,
bulimia and obsessive compulsive disorder. The problem? The
e-mail listed all the recipients in the ‘Cc:’ line, allowing
everyone to see a list including everyone else’s name.”
The Federal Trade Commission settled the Lilly case in January
without penalties because the disclosure was inadvertent. However,
in a post-HIPAA world, such email gaffes may be punishable crimes.
So, yes, you need to worry about HIPAA,
even if you don’t directly deal with the health care industry.
Yarbrough says, “If your business does business with a doctor,
hospital or other health care organization, HIPAA may apply
to you. If your business administers its own health plan, the
law applies to you too. In fact, because courts may look upon
it as a benchmark for computer privacy and security, it may
apply to everyone.”
We’ll take a look at the second general
effect of HIPAA, the availability of new software and standards
for the secure exchange of information, in the next SNS.
- Shameless Self-Promotion Dept.: Finally
I’ve put up the Nanotechnology
Resources directory I promised last November.
Also, check out the article I wrote for the Taylor Harkins
newsletter entitled, Do you hate your customers?
It continues the theme from my earlier article, analyzing
the media industry’s response to file sharing.
Finally, and at long last, the CTOMentor wireless white paper,
You Can Take It with You: Business Applications of Personal
Wireless Devices, is available at ITPapers.
- Love the Name: No, it’s not a hairstyle
supervisory shop. Chicago-area firm Gray Hair Management provides
a two to four-member advisory board selected from more than
500 senior executives to help companies with their business
problems. No reason for the plug; I just love the name.
Gray Hair Management
- The Threat of Spyware: Spyware started
out as a way for file sharing systems like Kazaa to track
ad viewings within their software. Without informing its users,
software containing spyware reported back to the company information
on what ads the user saw, and possibly more, such as information
used to access password-protected sites. The spyware also
was able to download executable programs (one called EXPLORER.EXE,
the same name as a Windows system component) and install them
without the user knowing. Nowadays, pretty much all of the
popular music file sharing services use spyware. Thus, spyware
constitutes a security breach on business networks.
Business owners should make sure they have a company policy
against the installation of these file-sharing programs. It’s
also a very good idea to install a firewall, such as ZoneAlarm, on each PC
that will notify the user if any new programs try to access
the Internet. Another good solution is to use programs
that can help identify and eliminate spyware programs.
- VoWLAN Apparently Patented: From
the apparently-never-ending Stupid Patent Department comes
an item from Symbol, a maker of mobile data transaction systems.
The company has been granted a patent
for handling voice over wireless LANs (WLANs) using Internet
Protocol. Never mind the patent
that Motorola just received for VoIP (Voice over Internet
Protocol). I’m not a wireless tech, but Symbol’s patent looks
like fairly obvious technology.
- Windy City – Connected City:
Chicago ranked first in a National Science Foundation study
that counted the number of connections to and from each city
through 41 net backbones. The shocker: San Francisco came
in sixth. The other cities in order:
- The Email Overload: C2C Systems says
some global organizations send and receive up to 4 or 5 million
emails a day, which can lead to many management problems, including
uncontrolled storage of offensive emails, mailbox attachment
bloat, and inappropriate mailbox and folder permissions. Oddly
enough, 10-year-old UK company C2C helps customers develop plans
for legal and security compliance and capacity management for
email systems. They offer a free booklet, Taming the e-mail
- Roam Where You Want To:
Several manufacturers have made recent moves to create multiple-mode
wireless network cards. Envara
has designed a single chip that will support 802.11a, b (Wi-Fi),
and the still-in-development g. The chip won’t be available
commercially until sometime next year. Nokia and GTran Wireless
both have developed a laptop modem that can access 802.11b networks
as well as cell phone data networks. The GTran DotSurfer 5000
works on Wi-Fi and the so-called 3G standard, CDMA2000 1XRTT,
networks (offered by Sprint and Verizon). Most major wireless
network owners, including Verizon, Cingular, AT&T Wireless
and Sprint PCS, say they intend to add 802.11b to their cell
networks, moving to preempt the competitive threat offered by
free or cheap Wi-Fi nets. In one of the earliest moves, VoiceStream
Wireless bought MobileStar, which sells wireless Internet access
in Starbucks cafes.
A possible wild card in this mix is tiny startup EtherLinx, whose Smart Spectrum™
technology claims to extend the reach of Wi-Fi from 300 feet
to up to 50 miles. The company combines software, firmware,
and data networking algorithms to achieve this astonishing range.
They have been running a small, for-pay trial in Oakland, California,
for the past year. And the best part? No truck roll for installation.
- Wireless Users Will Upgrade:
Alert SNS Reader Dean Cowdery sent along an item from the
wonderfully named Darwin Magazine. It says that 31 percent of
US wireless phone users are looking to upgrade in the coming
year. More than half (52 percent) are looking to access the
Internet, while 64 percent want to send and receive e-mail.
The largest percentage (80 percent) says address book applications
are a priority. All these stats are fine, but the puzzling one
is this: Of those looking to upgrade, only 18 percent say they
plan to do it for better handset functionality. What? They don’t
like the color or something?
Wayback Machine – A Year Ago in SNS
The lead article in the July 23, 2001 edition
of SNS was Broadband a Broad Yawn?, a
consideration of the state of the hype about broadband. Broadband
was going to really take off in 2002, according to the prevailing
thinking. WildBlue, a nascent satellite broadband provider,
was to start offering 3Mbps bi-directional service (400Kbps
upstream) in 2002. Guess what? They’re now targeting 2003.
Halostar Network from Angel Technologies and Raytheon planned
to offer 52Mbps via HALO-Proteus aircraft that would fly fixed
patterns in the stratosphere (51,000 feet and higher) over
major cities. The Angel Web site appears to be mostly unchanged
in the last year, and perhaps longer, plus there has been
no press coverage. The main change in the site is the offering
of commemorative stock certificates.
Doesn’t sound good.
Sky Station, led
by Alexander “I’m in charge” Haig, planned to use a blimp
which can be maneuvered on a guided path or held geostationary
in the stratosphere at 68,000 feet to deliver speeds of up
to 2Mbps uplink and 10Mbps downlink. Instead of starting service
in 2002 as planned a year ago, they’re now targeting 2004.
The article quoted Peter Jarich, an analyst at The Strategis Group.
Jarich said, presciently, “I don't know if any of these companies
[offering broadband from aircraft] will ever roll out services.
From just a general market standpoint, there's not a compelling
argument for it.”
Also in that edition was the article,
Stupid Email Tricks, about some terrific email blunders
committed by folks either without a clue, or with an itchy
finger on the Send button. Web site Silicon.com from the UK compiled
the list, and selected the top three entries.
They apparently haven’t added any more in the last year, however.
The article Microsoft Won’t Imbed Java in XP speculated on
the reasons for the move. Windows XP did not ship with Java
support, although Microsoft did make available a downloadable
Java VM. Here’s a good analysis of the problem,
pointed out by Alert SNS Reader Larry Kuhn.
Finally, the article First US GPRS Phone and Service Released
was about AT&T Wireless’s rollout in Seattle of GPRS (General
Packet Radio Service), a 2.5G transitional standard that will
eventually be superseded by 3G equipment. The article predicted,
cheekily, that full rollout would probably be in 2002. Well,
AT&T’s GPRS service, known as mMode, is available in 20 states and a joint effort
with Cingular should improve coverage as well. This time,
the future really was a year away.
Just the Right Stuff™
If you subscribed to CTOMentor’s Just the Right Stuff™
newsletter, over the past few months, you’d have received news
nuggets like the following, along with expanded analysis. Your
personalized Information Needs Profile would determine which
of these items you’d receive. For more information, check out
- Palm i705 Debuts
Palm's new i705 provides always-on
access to corporate e-mail and blinks, beeps, or vibrates when
a new e-mail arrives.
- A Single Chip with Phone, GPS, Bluetooth
Ashvattha Semiconductor is readying a single chip that combines
the radio sides of GSM and GPRS mobile phone standards, a GPS
satellite navigation system and a Bluetooth personal area network.
The chip should take around $28 off the parts cost of adding
the function to a device. The company is also considering adding
802.11a/b and other wireless functionality next year after high
volume production of the triple chip begins.
- Increased Corporate Use of Wireless Data
In-Stat/MDR projects the number of business wireless data
users to grow from 6.6 million at the end of 2001, to more than
39 million in 2006. The business segment (including SOHO, small,
medium and large companies) is currently, and will remain, the
largest group of wireless data services users. This increase
in business subscribers will improve US wireless data carriers’
service revenues from $4 billion at year-end 2001 to more than
$16 billion by year-end 2006.
Get this Stuff as it happens, not months later. Subscribe
to CTOMentor today. Charter subscription discounts
Copyright © 2000-2008, StratVantage Consulting, LLC. All rights
Can’t Get Enough of ME?
In the unlikely event
that you want more of my opinions, I’ve started a Weblog. It’s the fashionable
thing for pundits to do, and I’m doing it too. A Weblog is a datestamped
collection of somewhat random thoughts and ideas assembled on a Web
page. If you’d like to subject the world to your thoughts, as I do,
you can create your own Weblog. You need to have a Web site that allows
you FTP access, and the free software from www.blogger.com.
This allows you to right click on a Web page and append your pithy thoughts
to your Weblog.
I’ve dubbed my Weblog
entries “Stratlets”, and they are available at www.stratvantage.com/stratlets/.
Let me know what you think.
Also check out the TrendSpot for ranking of
the latest emerging trends.