Category Archives: Compliance

A Transition Strategy for Achieving Web Accessibility on Business Websites

In the absence of specific regulations for Web accessibility in the Americans with Disabilities Act (ADA), businesses are left without legal guidance on how to make their complex Web sites accessible. Some advocate for full compliance with WCAG 2.0 in all content while others argue that nothing is required at all.

Businesses new to Web accessibility should develop a transition plan that follows the approach used for physical buildings under the ADA. Specifically, new Web pages should fully comply with Web accessibility standards, while legacy content should first focus on essential accessibility changes that are relatively quick and easy to make.

HIPAA Omnibus Rule Takes Effect

A few weeks ago the long-awaited final omnibus rule that modifies the Health Insurance Portability and Accountability Act (HIPAA) took effect. HHS Office for Civil Rights Director Leon Rodriguez said, “This final omnibus rule marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented. These changes not only greatly enhance a patient’s privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a health care provider, or one of their business associates.”

The changes affect HIPAA covered entities, including health care providers, health systems, health plans (including insured and most self-insured employer group health plans) and clearinghouses. HIPAA business associates, including a wide range of vendors who contract with covered entities and access protected health information (PHI), are also now covered. Examples include technology vendors, services organizations, accountable care organizations (ACOs), and third-party administrators.

HIPAA covered entities and business associates generally have 6 months – until September 23, 2013 – to become compliant with the Omnibus Rule. This new ruling will force many vendors to transform both their agreements and their compliance practices. Smart vendors will begin adapting now.

Prevent Breaches Caused by Downloading and Sharing Sensitive SharePoint Documents

Many companies have invested in SharePoint for managing their unstructured information. However, few have realized the potential efficiency and productivity gains that SharePoint offers because of concerns about the security of the information stored in it. Worse still, many continue to maintain legacy document management systems to store sensitive information and continue to incur the associated software maintenance, labor and hardware costs. This drastically reduces the ROI on their SharePoint investment.

Our latest white paper, “The Top 10 Security Challenges with SharePoint Collaboration,” looks at the top security challenges facing executives and IT managers today.

Previously I answered “How to stop IT staff from reading highly confidential documents in SharePoint?” In this second post, I will discuss how to keep confidential documents safe when downloaded or shared:

What happens when a user downloads a confidential document from SharePoint to his/her desktop or shares a document from their SharePoint Workspace?

451 Group Says to Automate Information Governance

In a 451 Group report, Defining and driving ‘information governance’ in the era of the cloud and ‘big data’, analysts David Horrigan, Carl Lehmann and Alan Pelz-Sharpe discuss the importance of information governance. The introduction is particularly interesting:

“Information governance means different things to different actors in the enterprise; hence, defining and implementing information governance is much easier said than done. Nevertheless, now is the time to do so because it has become possible to automate much of the process, and the potential benefits of doing so now far outweigh the cost and effort.”

We define information governance as the need to control the content within your organization. It includes the policies created to comply with regulations for privacy and accessibility, and internal policies for confidential company information and intellectual property. It even extends to include website quality and brand integrity. More importantly, it should encompass how these policies are enforced and updated to fit how an individual organization is actually using the information. As highlighted in the 451 Group quote above, automating this process offers significant benefits despite the costs.

Healthcare IT Priorities: Patient Data and Meeting Regulatory Requirements

The InformationWeek 2013 Healthcare IT Priorities survey showed that “more than 60% of health IT pros…cite managing digital patient data and meeting regulatory requirements among their top priorities, rating each a 5 on a 1-to-5 scale.”

The survey also highlighted that healthcare IT pros are struggling to keep pace with the change in the industry. One respondent said, “Most healthcare CIOs are supportive of the majority of the new functional requirements that are being forced on us. However, federal requirements are coming too many, too fast. … The rate of change is such that systems and changes are being implemented less than optimally.”

Another key point within the report is that “less than 15% of healthcare providers have qualified for federal subsidies based on meeting Meaningful Use requirements.” Not only are healthcare organizations struggling to keep up, but they are also losing out on incentive payments.

How can healthcare organizations keep patient data protected, meet regulatory requirements and comply with the Meaningful Use standards to receive subsidies?

LV= Improves Site Quality, Brand Integrity and Accessibility

LV= employs over 5,500 people and serves around five million customers with a range of financial products. Because LV= is a trusted UK brand, its Web Content Team required a solution for scanning site quality, brand integrity and accessibility to extend LV=’s credibility to the Web.

The Challenge

The Web Content Team at LV= knew that for their website and a dozen subsidiary sites to be viewed as professional and usable, they should be both error-free and accessible. To achieve this level of professionalism, the team relied purely on daily manual reviews of key Web pages for spelling, broken links and accessibility.

The challenge was that deep into the sites, the team did not know if any broken links, typos or brand inconsistencies existed unless it was brought to their attention by a site user. This posed a significant problem when destination links (particularly external links) were broken.

To better serve its five million customers, LV= required a solution that could scan content regularly to provide a more efficient process for addressing site quality. Furthermore, LV= needed to ensure all its Web pages complied with the UK’s Equality Act 2010 and WCAG 2.0 AA accessibility standards as content was changed and updated.

Military Data Theft and the Lessons Your Business Can Learn from It

A Washington Post article reported that Sixing Liu, a Chinese citizen, was sentenced in federal court in violation of a U.S. arms embargo act for stealing thousands of files from L-3 Communications, a small company owning a major defense contract to develop a device called a disk resonator gyroscope for the US government. The article reported that:

“David Smukowski, president of Sensors in Motion, the small company in Bellevue, Wash., developing the technology with L-3 estimated that the loss of this tiny piece of technology alone could ultimately cost the U.S. military hundreds of millions of dollars.”

“…in November 2010, Liu made an electronic archive of his work e-mail and transferred it to his personal computer along with the entire Sensors in Motion program folder, according to court records.”

“… Liu downloaded documents for programs in which he had no involvement, though the judge said Liu knew “just how sensitive the material he had was.””

“…Liu was convicted last September of…possessing and transporting stolen trade secrets.”

The article demonstrates the risk one person’s actions can bring to a military, federal, healthcare, financial or enterprise organization. The article included a statement to Congress last year by C. Frank Figliuzzi, the former head of the FBI’s Counterintelligence Division, that perhaps the most important measure against the theft of proprietary information “is identifying and taking defensive measures against employees.”

Web Accessibility Still an Anomaly

Imagine driving into a shopping mall with no handicap parking spaces, no ramps to get on the sidewalk and no automatic doors to even get in. It wouldn’t happen in the US today because the ADA requires equal access to “public accommodations,” such as restaurants, retail stores, movie theaters, recreational facilities and other physical spaces. So why, in today’s age of online shopping and access to information, is Web inaccessibility still the norm?

Last week the Wall Street Journal published an article on how online shopping is extremely inaccessible for the blind. In one example cited, a user was only able to guess the text fields required to complete a purchase. Currently there are no laws in place to ensure corporate websites are accessible to users with disabilities because most courts have ruled that the 1990 Americans with Disabilities Act (ADA) does not apply to the Internet. That, however, may soon be changing.

As reported in the Wall Street Journal article, “The U.S. Department of Justice is expected to issue new regulations on website accessibility later this year that could take a broad view of the ADA’s jurisdiction over websites. A Justice Department spokeswoman declined to comment.”