Halloween’s annual celebration of spooks and goblins is a perfect time to promote awareness and help American businesses and citizens build their skills to guard against the real and growing menace of identity thieves and other cybercriminals. Get involved with the 12th annual National Cyber Security Awareness Month (NCSAM) in October, begin preparing to participate in the next annual “Data Privacy Day” on January 28, 2016, and join in other activities highlighted through NCSAM and Data Privacy Day to help deter Cybercrime and identity theft threats. Even if your organization or family chooses not to participate in any official or public way, checking out and using the many free resources provides an invaluable, free opportunity to raise your defenses against this rising menace.
Health care providers and organizations, health plans, and their business associates face special legal and ethical mandates to safeguard “protected health information” and other sensitive patient information under the Privacy & Security Rules of the Health Insurance Portability & Accountability Act (HIPAA), state health care, insurance, medical ethics and licensure, identity theft and other laws. Most health care organizations and providers are sensitive to the need to comply with these requirements as a result of the stiff civil and criminal sanctions associated with violation of these medical privacy and data security requirements and the notoriety surrounding stiff sanctions imposed as part of their enforcement. Even so, effective operationalization and maintenance of compliance with these rules remains a continuous challenge and only covers a small part of any health care organization’s legal responsibilities and risks. Health care organizations not only must manage their health care specific obligations, but also a host of other concerns like those that apply to other organizations. Getting workforce members, vendors, patients and others to understand and practice good Cyber Security in all aspects of their personal and private lives is key to effective management of all of these risks and responsibilities.
With virtually every American business and citizen now connected to and using the Internet to conduct key personal and business transactions, and with the constant drive by government and business to digitize regular business transactions, no one agency, business or individual alone can truly know where their sensitive data is and who has it, much less reliably defend this data against the identity thieves and other cybercriminals lurking in the digital world’s virtual streets waiting to strike, then disappear in “Jack The Ripper” style into the darkness of the Internet. That’s why every American and American business in general – and health industry organizations and providers particularly – should take time to participate and urge others to Get Involved in the 12th Annual NCSAM activities this month and use the supportive resources offered through that involvement throughout the year.
Celebrated annually in October, NCSAM was created to provide resources to help Americans stay safer and more secure online through public-private collaboration between the U.S. Department of Homeland Security and industry led by the National Cyber Security Alliance (NCSA). NCSAM and its associated activities reach out to consumers, small and medium-sized businesses, corporations, educational institutions and young people across the nation. NCSAM 2015 particularly focuses on the consumer and his/her needs regarding cybersecurity and safety, continuing the overall message of the STOP. THINK. CONNECT. Campaign founded in 2010 and its capstone concepts: “Keep a Clean Machine,” “Protect Your Personal Information,” “Connect with Care,” “Be Web Wise” and “Be a Good Online Citizen.” NCSAM seeks to remind Americans to incorporate “STOP. THINK. CONNECT.” into their online routines and offers resources to help individuals understand these principles and put them into practice at home, at the office and elsewhere.
Because these resources are designed to be accessible and understandable by consumers, many business and government organizations may want to support and promote their Cyber Security employee and customer training and awareness efforts by participating annually in NCSAM in October, signing up as a Data Privacy Day Champion and/or participating in Data Privacy Day on January 28, 2016, or otherwise using and sharing tips, tools and other resources in the Privacy Library such as:
General Privacy & Cyber Security Awareness
- Be A Good Citizen On Line
- Protect All Devices
- Practice Good Online Safety Habits With These Tips & Advice
- Spam & Phishing
- Hacked Accounts
- Check Your Privacy Settings
- Privacy Tips for Teens – A video with STOP. THINK. CONNECT. tips to help teens be privacy-savvy and manage their online reputation.
- “Perceptions of Privacy Online and in the Digitally Connected World,” a summary of the results of a 2013-2014 data privacy study conducted by the National Cyber Security Alliance’s Privacy Messaging Development Committee.
- Data is Permanent Too – STOP.THINK. is this TMI? A short video created by the Intel Corporation.
- Why Privacy Matters – The first in the series of explainers from Zero Knowledge Privacy Foundation.
- The Fine Print of Privacy – The second in the series of explainers from Zero Knowledge Privacy Foundation.
- “The Right to Fail in Citizenville,” a blog by David Hoffman, Director of Security Policy and Global Privacy Officer, Intel (March, 2013).
- The Privacy Engineer’s Manifesto: Getting from Policy to Code to QA to Value, an e-book by McAfee’s Michelle Finneran Dennedy, Jonathan Fox, and Thomas R. Finneran.
Keep a Clean Machine/Cookies & Behavioral Tracking
- Malware & Botnets
- A video about cookies and why they matter created by the Wall Street Journal.
- Information about the Network Advertising Initiative (NAI), which offers opt-out of online behavioral advertising and provides factual information about online behavioral advertising, privacy and cookies.
Health Privacy
- What is HIPAA and Why Should You Care? A Patient’s Guide to HIPAA (Health Insurance Portability and Accountability Act)
- Medical Records Privacy from Privacy Rights Clearinghouse
- Understanding Health Information Privacy by the U.S. Department of Health and Human Services
Identity Theft Prevention & Clean Up
- Links to resources at fraud.org about how to spot a scam, file a complaint and learn about scams.
- “ID Theft & Account Fraud – Prevention & Cleanup” a helpful resource provided by Consumer Action offered in numerous languages.
- Fighting Back Against Identity Theft and other information for consumers on how to deter, detect and defend against identity theft
- IRS resources about how to report phishing.
Mobile App Privacy & Security
- “Your Apps Are Watching You,” an investigative report from the Wall Street Journal found popular iPhone and Android apps are collecting and transmitting information without users’ awareness or consent.
- The Net Safety Tips On The Go app for Android phones provides quick, practical, friendly advice one tip at a time.
- Tips to help protect your privacy when using a mobile device provided by the National Cyber Security Alliance.
- Microsoft’s “Location & Privacy: Where are we headed?” and “What Does Your Online Reputation Say About You?”
- Protect your personal information while using public Wi-Fi with this video.
- 10 travel tips for protecting your privacy from PUBLIC WiFi.
Online Services – Banking, Dating & General Guidelines
- Don’t Upload Financial Data to Questionable Sources video created by the Intel Corporation
- The Perils and Pitfalls of Online Dating: How to Protect Yourself from the Privacy Rights Clearinghouse.
- The Google Privacy Channel on YouTube offers a number of short informative videos on privacy issues including: interest-based advertising; use of privacy settings in Google Latitude; advertising privacy; and how to protect your privacy on Google Chrome.
Student & Educational Privacy & Security
- I want to teach online safety for Grades K-2, Grades 3-5, Middle and High School, Higher Education and CSave Volunteer Lesson Plans & Materials
- The Protecting Privacy in Connected Learning toolkit is an in-depth, step-by-step guide to navigating the Family Education Rights and Privacy Act (FERPA), the Children’s Online Privacy Protection Act (COPPA) and related privacy issues.
- Securing Your Home Network
- The Family Educational Rights and Privacy Act, or FERPA, is the main federal law that deals with education privacy, but there are a host of other laws, best practices, and guidelines that are essential to understanding education privacy. FERPA|SHERPA aims to provide service providers, parents, school officials, and policymakers with easy access to those materials to help guide responsible uses of students’ data.
- General guidance for parents provided by the Department of Education on the Family Educational Rights and Privacy Act (FERPA)
- Student Privacy 101: FERPA for parents and students – Ever have questions about your rights regarding education records? This short video highlights the key points of the Family Educational Rights and Privacy Act (FERPA).
Other Resources
- Parents
- Teens & Young Adults
- Businesses
- Educators
- Privacy advocates outside the U.S.
- Victims of Domestic Abuse
About the Author
Cynthia Marcotte Stamer is a practicing attorney and Managing Shareholder of Cynthia Marcotte Stamer, P.C., a member of Stamer│Chadwick│Soefje PLLC, author, public speaker, management policy advocate and industry thought leader with more than years’ experience helping business and government organizations and their leaders manage. Ms. Stamer’s legal and management consulting work throughout her 28 plus year career has focused on helping organizations and their management understand and use the law and process to manage people, process, compliance, operations and risk including significant work in the prevention, investigation and remediation of data breach and other Cybercrime events.
Scribe responsible for leading the American Bar Association (ABA) Joint Committee on Employee Benefits (JCEB) annual agency meeting with the Department of Health & Human Services Office of Civil Rights, Cynthia Marcotte Stamer’s practice has focused on advising and representing government and private technology, security, health care providers, health plans, health, schools and other educational organizations, insurance, banking and financial services, retail, employer and other organizations about privacy and data security compliance and risk management, breach and other investigations and enforcement, workforce and performance management and other risk management, compliance, public policy, regulatory, staffing, and other operations and risk management concerns.
With data and technology use, protection and management embedded in virtually every aspect of her clients’ operations, data and other confidential information and systems use, protection, breach or other abuse investigation and response, enforcement and liability mitigation and defense and other Cybercrime and Cyber Security challenges are a continuous component of Ms. Stamer’s management work. Ms. Stamer helps public and private, domestic and international businesses, governments, and other organizations and their leaders manage their employees’, vendors’ and suppliers’, and other workforce members’, customers’ and others’ performance, compliance, compensation and benefits, operations, risks and liabilities, as well as to prevent, stabilize and clean up workforce, data breach and Cybercrime, and other legal and operational crises large and small that arise in the course of operations. Ms. Stamer regularly helps clients design, administer and defend HIPAA, FACTA, data breach, identity theft and other risk management, compliance and other privacy, data security, confidential information and other data security, technology and management policies and practices affecting their operations. She also helps clients prevent, investigate and mitigate HIPAA, FACTA, PHI and other data breach hacking, identity theft, data breach, data loss or destruction, theft of trade secrets or other sensitive data, spoofing, industrial espionage, insider and other parties’ misuse of data or technology and other cybercrime and technology use concerns. Best-known for her extensive work helping health care, insurance and other highly regulated entities manage both general employment and management concerns and their highly complicated, industry specific corporate compliance, internal controls and risk management requirements, Ms. Stamer’s clients and experience also include a broad range of other businesses.
Her clients range from highly regulated entities like employers, contractors and their employee benefit plans, their sponsors, management, administrators, insurers, fiduciaries and advisors, technology and data service providers, health care, managed care and insurance, financial services, government contractors and government entities, to retail, manufacturing, construction, consulting and a host of other domestic and international businesses of all types and sizes. Common engagements include internal and external privacy and data security compliance, risk management, investigation and remediation, workforce hiring, management, training, performance management, compliance and administration, discipline and termination, and other aspects of workforce management including employment and outsourced services contracting and enforcement, sentencing guidelines and other compliance plan, policy and program development, administration, and defense, performance management, wage and hour and other compensation and benefits, reengineering and other change management, internal controls, compliance and risk management, communications and training, worker classification, tax and payroll, investigations, crisis preparedness and response, government relations, safety, government contracting and audits, litigation and other enforcement, and other legal and operational compliance, risk management, disaster preparedness and response, and liability defense and mitigation concerns arising out of organizations’ operations.
Cindy also is widely recognized for her regulatory and public policy advocacy, publications, and public speaking on privacy and other compliance and risk management concerns. Among others, she is the author of “Privacy & Securities Standards-A Brief Nutshell,” “Privacy Invasions of Medical Care-An Emerging Perspective,” the E-Health Business and Transactional Law Chapter on Other Liability-Tort and Regulatory; “Cybercrime and Identity Theft: Health Information Security Beyond HIPAA;” “Personal Identity Management Legal Demands and Technology Solutions;” “Tailoring A Records Management Plan And Process To Meet Your Legal And Operational Needs;” “Brokers & Insurers Identity Theft and Privacy Perils;” “HR’s Role In Personal Identity Theft & Cyber Crime Prevention;” “Protecting & Using Patient Data In Disease Management Opportunities, Liabilities And Prescriptions;” “Why Your Business Needs A Cybercrime Prevention and Compliance Program;” “Leveraging Your Enterprise Digital Identity Management Investments and Breaking though the Identity Management Buzz;” “When Your Employee’s Private Life Becomes Your Business;” “Healthcare Breaches: How to Respond” and hundreds of other works. Her insights on privacy, data security, and other matters have appeared in The Wall Street Journal, Business Insurance, the Dallas Morning News, Spencer Publications, and a host of other publications. She speaks and has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.
Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer helps businesses and government organizations and their management, employee benefit plans, schools, financial institutions, retail, hospitality, and other organizations deal with all aspects of these and other operations performance and compliance management. She supports her clients both on a real time, “on demand” basis and on a longer term basis to deal with daily performance management and operations, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy.
Ms. Stamer also is active in the leadership of a broad range of other professional and civic organizations. For instance, Ms. Stamer serves on the steering committee and as a faculty member of the Southern California ISSA-HIMMS Annual Security Summit and Chaired its 2015 3rd Annual Health Care Privacy Summit. Ms. Stamer presently serves as an American Bar Association (ABA) Joint Committee on Employee Benefits Council representative; Vice President of the North Texas Healthcare Compliance Professionals Association; Immediate Past Chair of the ABA RPTE Employee Benefits & Other Compensation Committee, its current Welfare Benefit Plans Committee Co-Chair, on its Substantive Groups & Committee and its incoming Defined Contribution Plan Committee Chair and Practice Management Vice Chair; Past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and a current member of its Healthcare Coordinating Council; current Vice Chair of the ABA TIPS Employee Benefit Committee; the former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division; on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. She also previously served as a founding Board Member and President of the Alliance for Healthcare Excellence; as a Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; the Board President of the early childhood development intervention agency, The Richardson Development Center for Children; Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; and a member of the Board of Directors of the Southwest Benefits Association. For additional information about Ms. Stamer, see here, or the Stamer Chadwick Soefje PLLC website here. To contact Ms. Stamer, e-mail her here or telephone (469) 767-8872.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested in reviewing some of Ms. Stamer’s publications or other Solutions Law Press, Inc.™ resources such as:
- Ranching Employers: Labor Department Tightening H-2A VISA Rules For Employing Range Workers
- NLRB 29 Unfair Labor Practice Charges Against Community Health Systems, Inc. Shows Industry Labor Risks
- DOL Schools Halliburton With $18M+ Overtime Settlement; Other Employers & Executives Should Take Note
- Evolving Rules Mean Execs & Employers Should Review Executive Comp
- OCR’s Proposed Sex & Other Discrimination Rules Spell Headaches & New Risks For Health Care Providers, Insurers & Others
- Feds Charges 8 For Alleged $50M In Bogus Student Substance Abuse Counseling Claims
- Check Out & Comment By 10/13 On FDA Proposed Food Labeling Rule Changes
- 10 Practical Pointers To Use Law To Better Strengthen The Legal Defensibility Of Your Business & Its Leaders
- Check Defensibility Of Policies & Practices Given New HHS/DOJ Joint Disability Law Technical Assistance
- New HIPAA Settlement Highlights Internet Applications Safeguards, Whistleblower & Management Oversight Compliance Risks
- McGraw Appointed New OCR Deputy Director
- Tex Docs Urged To Support Medical Board Reforms
- CMS Proposes New Quality Measures, Reporting, Other Changes For FY 2016 Psych Facilities Prospective Payment System Updates
- Great Time To Remind Patients, Employees To Check Their Immunizations Are Up To Date
- CMS Issues Last Call For Comments, Questions On Proposed Medicare Home Health Billing Templates
- CMS Announces ACA 2015 Reinsurance Contribution Training For Self-insured Group Health Plans, Health Insurers
- CMS Updates For Health Insurance Issuers On ACA Enrollment & Payment Data Reporting
- U.S. Businesses & Their Leaders Face Rising FLSA Collective Action Liability Risks
- Hone Workforce Management By Making Your HR The “Performance Department”
- Health Plan Sponsoring Employers, Insurers & Administrators Confirm Out-Of-Pocket Limits & Practices Up-To-Date
- Improve HR Value To Company By Making HR A Performance Rather Than People Department
- Sponsoring Employers Face Excise Taxes, Other Liabilities Unless Health Plans Comply With ACA Out-Of-Pocket & Other Federal Rules
- Legal Review Of Health Plan Documents, Processes Needed To Mitigate Employer’s Excise Tax & Other Health Plan Risks
- Comment On Proposed Changes To FDA Food Labeling Rules Due October 13
- EEOC ADA Suit Against Magnolia Health Highlights US Employer’s Growing Disability Discrimination Risks
- Proposed OSHA Regs Will Clarify Employer’s Continuing Duty To Ensure OSHA 300 Log Completeness
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here.
©2015 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc. All other rights reserved.