ANX Corporate Blog

Posts filed under Uncategorized

Showing 16 through 20 of 47 total posts

Posted July 28, 2011 3:49 pm by Jason Luke

HITECH Privacy and Security Regulations Update

While the Health Information Technology for Economic and Clinical Health Act (HITECH) of 2009 is over two years old, most people do not realize that many of its requirements are not fully in place yet, specifically the data security and privacy requirements.

Originally, many of HITECH's requirements around privacy and security were supposed to be effective on February 17, 2010. HHS has stated that the expected date of compliance and enforcement of these new requirements, except for the data breach rules, will be delayed until a period after the issuance of the final rules, which are not out yet. Recently, the HHS announced that the final rules implementing HITECH's changes to privacy, security, and data breach notification will be issued together sometime this year,...

Read more


Comments (0) Comment Bubble

Posted July 28, 2011 3:48 pm by Jason Luke

HITECH Accounting of Disclosures Rule

The HITECH act Sec 13405(c) establishes a new right for patients to receive an accounting of who accessed their PHI.

HHS released a Notice of Proposed Rulemaking (NPRM) relating to this new right that expands on the text of the law and has significant impact to covered entities and business associates.

The new proposal creates the right for a patient to obtain a report of all uses and disclosures of their PHI. Since the HIPAA Security Rule requires audit logging, there is a presumption that this data is already collected. There is substantial disagreement as to whether the Security Rule actually requires all the logging that would be necessary to meet this new reporting requirement, and it is doubtful that most companies could easily accommodate such a request. Essentially,...

Read more


Comments (0) Comment Bubble

Posted July 28, 2011 3:44 pm by Jason Luke

Canada's Anti-Spam Law

In December, 2010, Canada filling passed federal anti-spam legislation, after being the only G8 country not to have one. It was Bill C-28, formerly know as Fighting Internet and Wireless Spam Act (FISA). That name was dropped and now it has a variety of names, including Canada's Online Protection Legislation (COPL)

This law now gives Canada the strictest such law in the world and will have dramatic effects on businesses operating in Canada. Unlike the US, where CAN-SPAM covers only email, this law covers any electronic message, which is defined as "a message sent by any means of telecommunication, including a text, sound, voice or image message." So this would encompass all unsolicited email, text messages, tweets, instant messages sent to a business person. It does not apply...

Read more


Comments (0) Comment Bubble

Mobile VPN client delivers reliable, secure remote access to email, files, applications and desktops

Southfield, MI (July 8, 2011) – ANXeBusiness Corp. (ANX), a leading provider of managed security, compliance and connectivity solutions, today announced the availability of PositivePRO Mobile for iPhone and iPad.  Designed for Apple iOS 4.x and above, PositivePRO Mobile for iPhone and iPad delivers secure remote access to mobile users in enterprises running PositivePRO managed virtual private network (VPN) software.

ANX’ PositivePro enables secure remote access to authorized users anywhere in the world. By leveraging the PositivePro cloud-based infrastructure, remote users can securely connect to their corporate resources via their platform of choice, including Windows,...

Read more


Comments (0) Comment Bubble

Posted July 05, 2011 3:08 pm by Chris Noell

PCI DSS 2.0 Clarifies Compliance in Virtual Environments

The good news about the new PCI DSS standard version 2.0 is that it’s not earth-shaking. In most respects, the changes it introduces are relatively minor, and there are no huge hurdles to adopting it. ANX strongly urges enterprises to start their PCI DSS 2.0 migration now to begin realizing some of the benefits it introduces – such as the fact that patching requirements move from the hard deadline of 30 days to a risk-based approach.

 

Enterprises that operate in virtualized environments or are looking to do so should definitely step up to PCI DSS 2.0, as virtualization is one area where the new standard does make substantial changes. There are several improvements that provide insights for best business practices, and that should also make QSAs much more consistent.

 

In...

Read more


Comments (0) Comment Bubble