ComplianceHome
ComplianceHome is one of the Web's largest libraries of resources for compliance management of HIPAA, SOX, FISMA, GLBA, FDA, COOP & COG, FFIEC, Basel II, OSHA and ISO 27002/17799. Visit our directories, which are the best source for white papers, related news articles, resources on the web, training, webinars, conferences, rules & regulation overview, ask the expert, job and search on vendors, solutions & products.
 
  Thu, 24 Jul 2008 08:00:00 +0200
The solution implemented included the following:
1. Automatic outbound message encryption. Messages were encrypted when the content filtering engine, referencing HIPAA and PII lexicons, calculated a score greater than the threshold set.
2. Encrypted messages could be delivered to recipients as password-protected attachments. The solution also supported sending affected messages to an online mailbox in the enterprise data center, forwarding a notification to the recipient, and requiring the recipient to log in to the online mailbox to retrieve the message. Remote access was via SSL. However, senior management thought this was too much trouble for vendors, customers, etc. They directed the technical team to go the attachment route.
3. Manual encryption was possible by marking the message confidential.
The American Civil Liberties Union today urges the House Energy and Commerce Committee to require patient control of medical records and compensation for privacy breaches to be a part of the standards set for converting to electronic patient records. The ACLU cautions that H.R. 6357, the
  Thu, 24 Jul 2008 08:00:00 +0200
The House Energy and Commerce Committee unanimously approved a major health IT bill today and sent it to the full House for action. The committee leaders who sponsored the Protecting Records, Optimizing Treatment and Easing Communication Through Healthcare Technology Act of 2008 (H.R. 6357) made significant concessions to privacy advocates and to those who use health information as they modified the bill approved in June. The PRO(TECH)T Act aims to promote e-health records for all Americans by 2014, as President Bush called for in 2004. It establishes in law the technology standards activities that the Bush administration developed and would provide $560 million in grants and loans for health care providers, particularly in small and rural practices and those serving the underserved, to acquire EHR systems.
FairWarning, a supplier of health care privacy auditing systems based in St. Petersburg, Fla., reported revenues for the first six months of 2008 more than doubled over the same period last year. Company executives believe the increase has been due to a rise in electronic identity theft and snooping, as well as the announcement that the Department of Health and Human Services would start to audit hospital compliance with the requirements of the Health Insurance Portability and Accountability Act (HIPAA). In January, HHS's Centers for Medicare and Medicaid Services disclosed plans to audit 10 to 20 hospitals. FairWarning, which was started in 2005, markets to hospitals, health systems and major physician offices. Kurt Long, the company's chief executive officer, said the company has also started working with regional health information organizations (RHIOs). FairWarning's involvement with RHIOs stems from the company's collaboration with such health care applications vendors as GE Healt
Newly developed MIT software will help to allay patients' fears about who has access to their confidential records, facilitating the use of that data for medical research. In the July 24 issue of the journal BMC Medical Informatics and Decision Making, a team of MIT researchers describes a computer program capable of automatically deleting details from medical records that may identify patients, while leaving important medical information intact. Patient records that are to be shared within the research community must have any identifying information removed, according to the U.S. Health Insurance Portability and Accountability Act (HIPAA). However, manual removal of identifying information is prohibitively expensive, time consuming and prone to error - constraints that have prompted considerable research toward developing automated techniques for
  Thu, 24 Jul 2008 08:00:00 +0200
We turn away from the GSE mess to focus on the diversity of results in the Q2 numbers for the US banking sector. While overall the financial result for the US banking population is poor, some recognizable names such as Wells Fargo (WFC), US Bancorp (USB) and BB&T (BBT) continue to perform strongly. In fact, as of the first quarter of 2008, IRA's analysis to support research on credit conditions suggests that just eight percent of US bank units display evidence of stress and should be the focus of an initial round of industry remediation work. When we roll out the beta version of our credit conditions index with the Q2 regulatory dataset, subscribers to The IRA Bank Monitor will be able to display specific institutions and groups of banks based upon relative credit stress factors. What our observations suggest is that the vast majority of US banks are not evidencing extreme stress in terms of lending capacity and, for example, are far below average risk when viewed based upon metrics suc
The Bush administration would strongly oppose a bill that would give the FDA the power to regulate tobacco, according to a letter Health and Human Services Secretary Mike Leavitt sent to House Republican Joe Barton. The Associated Press reported on the letter yesterday. The bill, which takes on a subject that's been batted around for years in Washington, has a lot of support in Congress. It's co-sponsored by 56 Senators (including both Obama and McCain) and 233 members of the House. It cleared a key House committee by a vote of 38-12 earlier this year, with the support of 11 Republicans. And, in part because the bill would prohibit the FDA from outlawing tobacco or banning nicotine, Philip Morris USA (part of Altria) is supporting the legislation, the AP notes.
RSA says one U.S. bank and several abroad are testing the Bedford, Mass.-based vendor's first security token modeled on a credit card. The RSA SecurID Display Card, which is thin and easily fits in a wallet, is another option that RSA's bank clients can offer their own customers when it comes to online security -- specifically, to meet the Federal Financial Institutions Examination Council's (FFIEC) multifactor authentication requirements. The card could possibly be bank-branded, notes Rachael Stockton, product manager of the RSA SecurID card. But customers actually would need a different security card for each bank, she explains. That's partly because the software that manages the authentication process resides with the particular bank. The latest version of the companion software, RSA Authentication Manager 7.1, released in late May by RSA -- the security division of Hopkinton, Mass.-based EMC -- offers, at additional cost, the option of authenticating customers by using a software to
  Thu, 24 Jul 2008 08:00:00 +0200
Watson Wyatt has unveiled its vision for the future of the institutional investment industry, highlighting the key changes which it claims will shape the investor landscape. The research, Defining Moments, identified the shift to absolute return strategies, the increased emphasis on governance and the post-sub prime reassessment of risk as three of the most important changes to the institutional investment landscape. Roger Urwin, global head of investment content, Watson Wyatt, said: There is one word that captures the flavour of the next few years in the financial industry - complexity. This will support increasingly sophisticated investment products and solutions, but will also weigh down decision-taking. While we take the view that these problems are deep-rooted, our positive thought is that this is a world of opportunity for those fit enough to adapt.
  Thu, 24 Jul 2008 08:00:00 +0200
Laborers, supervisors and even construction company chief executive officers will have a chance to learn about construction-site safety during two free events next month. Free safety training workshops will be Aug. 8-9 at the Center for Workforce Preparedness building, 1359 Lomaland. The first day will be in English, and the second will be in Spanish. The event will provide training on the Big Four construction hazards - falls, electrocution, getting caught between objects and struck by objects - said Javier Arias, state chairman of the Hispanic Contractors Association De Tejas, the main organizer of the event. Arias, a Dallas resident and owner of Masonry & Stucco Services, said that 38 percent of construction industry deaths in Texas involve Hispanics.
  Thu, 24 Jul 2008 08:00:00 +0200
The U.S. Department of Labor's Occupational Safety and Health Administration and the Marble Institute of America have renewed an alliance to provide MIA members and others with information and training resources that will help them continue to protect employees' safety and health, the MIA announced. During the initial two-year alliance, OSHA and MIA worked together to develop and communicate information to help the association's member employers and employees recognize and prevent job-related hazards, including exposure to silica and hazards related to handling slabs of stone. The alliance also has developed training and education programs for employers and employees. "MIA's alliance with OSHA has had a very positive impact on the safety awareness of the natural stone industry and on the tools made available to help train employees and improve job safety," said Gary Distelhorst, executive v.p. of the Cleveland, OH-based MIA.
FISMA, the Federal Information Security Management Act, mandates basic security standards for government information technology systems. It requires agencies to detect and report security vulnerabilities in computer systems, and directs them to improve the information security framework -- the blueprint for how they secure their networks. Many agencies have yet to lock down their systems under the Federal Information Security Management Act. During the 1990s, the government transitioned from mainframe computers to networked computing, connecting federal employees to one another as well as to the public. Agencies also began to create Web sites to present information to the public and offer new ways to access services. But the new networked government also opened up databases to hackers with malicious intent, as well as federal employees who were inclined to snoop through private data. Agencies rarely included plans to secure data or deploy applications that could monitor intrusions or
  Thu, 24 Jul 2008 08:00:00 +0200
Various surveys conducted of provider organizations' readiness with the HIPAA security rule two years after its effective date peg it at about 60 percent compliance. No anticipated legal consequence for non-compliance seems to be the excuse primarily used to not spend the extra money. And certainly the Centers for Medicare and Medicaid Services report of only 173 complaints (as of mid-February 2007) regarding the security rule -- none of which resulted in civil enforcement and 17 of which were turned over to the Justice Department for possible criminal prosecution without action -- would suggest that the expense may not be worth the effort. In fact, some organizations have claimed it is cheaper to settle a case out of court than to implement stronger technology.
Providence Health & Services will pay $100,000 to settle a federal investigation of security lapses in 2005 and 2006 that allowed car burglars to walk away with the medical records of 386,000 patients across Oregon and Washington. The Department of Health and Human Services said the penalty is the first of its type to be enforced under the privacy section of the federal Health Insurance Portability and Accountability Act, or HIPAA, since it took effect in 2003. Previously, the agency has only required alleged violators to upgrade their privacy and security practices.
The Basel Committee on Banking Supervision plans to tighten the rules for complex financial instruments sold by banks, forcing them to hold more equity for trading positions to mitigate potential losses, Boersen-Zeitung reported, citing the international regulator. The committee, responsible for drawing up the new framework on banking surveillance known as Basel II, wants stricter parameters for the so-called value at risk (VAR) model used for banks' trading positions, the paper said. While current VAR models usually measure the upper limit of potential losses of a financial portfolio over 10 days with a statistical reliability of 99 percent,
The Basel Committee on Banking Supervision today issued for public comment Guidelines for Computing Capital for Incremental Risk in the Trading Book as well as Proposed Revisions to the Basel II market risk framework.
American Society of Safety Engineers' member Gary Lopez, CSP, testified today during an informal public hearing at the U.S. Department of Labor in Washington, D.C. on the proposed rule for confined spaces in construction. Lopez, senior director of safety for Ranger Construction Industries Inc. in West Palm Beach, Florida, a former member of the American National Standards Institute (ANSI) Z117 Accredited Standards Committee for Confined Space Entry and current chair of the ASSE standards development committee, stated that the proposed rule is unduly complicated, introduces unnecessarily new terminology and burdensome requirements, fails to recognize current and widely understood safety practices that have proven successful both in general industry and construction, and inadequately addresses several vitally important confined space issues.
We've all become accustomed to seeing
Two leading U.S. Democrats said on Tuesday they are investigating the Food and Drug Administration's approval of drugs sold by India's Ranbaxy. Reps. John Dingell and Bart Stupak said in a statement they are probing whether the FDA
  Thu, 24 Jul 2008 08:00:00 +0200
As if business needed one more reason to dislike the Sarbanes-Oxley Act, here's a doozy: It may actually worsen the impact of financial statement fraud, the very problem it was created to address. A new report from the Association of Certified Fraud Examiners found that companies that had the controls mandated by Sarbanes-Oxley actually suffered greater losses from financial statement fraud than those that did not have the controls. What's more, the study found, companies whose management certified financial statements and had independent audit committees actually took longer to detect financial misstatements than companies without those controls.
Six years after the passage of the Sarbanes-Oxley Act (Sarbox), there are fewer proponents of the legislation according to a new survey. Just 10% of corporate officials believe that complying with Sarbox had strengthened investors' view of their companies, according to a survey by Oversight Systems. And that paltry figure is down from the 20% the same survey found four years ago. Furthermore, only 29% of the survey's respondents found that compliance with Sarbox reduced the risk of financial fraud at their firms. That figure was down from 33% recorded by the same survey in 2004. Still 69% said that compliance with Sarbox
  Thu, 24 Jul 2008 08:00:00 +0200
The Internet has matured from a phenomenon to a transformational infrastructure that is changing our society. Consumers can conduct business from virtually anywhere, and they increasingly expect companies to provide access to services, content, and information anytime, from any device. As enterprises open and extend their IT enterprise to accommodate the demands from their various constituents including employees, customers, suppliers and partners, threats and vulnerabilities increase exponentially. These threats disrupt the key assets of business: data, internal networks, website or commerce portals generating revenue. When attacks on these assets occur, they have a very real impact on the revenue, brand, and productivity of the targeted organization. Therefore, it comes as no surprise that secure business enablement has emerged at the top of the priority list for most CIOs, given the reality of these security threats and the corporate compliance issues companies are required to add
  Thu, 24 Jul 2008 08:00:00 +0200
The University of Nevada, Reno's attempt to go green and save money by recycling more than a half-million gallons of water annually has been shot down by a disagreement with a state agency over a tiny pump. University safety officials said the pump would have allowed the campus to use 600,000 gallons of water annually to water landscape instead of sending it down the drain. But UNR was ordered to remove the pump last week because Nevada Occupational Safety and Health Administration officials said it violated a code that prohibits any nonessential equipment in the room that houses the air conditioning system that cools the Joe Crowley Student Union building.
  Thu, 24 Jul 2008 08:00:00 +0200
Outreach and education events aimed at protecting workers from heat illness have increased over the first six months of this year as has enforcement of the nation's first heat illness prevention regulations, according to figures released by the Department of Industrial Relation's Division of Occupational Safety and Health. Cal/OSHA has conducted 380 heat illness seminars so far this year compared to 284 for all of 2007. Cal/OSHA is also on pace to exceed the number of heat illness prevention inspections, with 659 heat-related inspections to date in 2008 compared to 1,018 for all of 2007.
Cell Therapeutics, which markets lymphoma drug Zevalin in the U.S., said Tuesday that it has scheduled a meeting with the U.S. Food and Drug Administration, or FDA, in September. In the meeting, the biotechnology company will talk about the possibility of filing a supplemental Biologics License Application, or sBLA, for using Zevalin as a consolidation therapy after remission induction in previously untreated patients with follicular non-Hodgkin's lymphoma, or NHL. The Seattle, Washington-based company noted that the basis for the filing would be data taken from the First-line Indolent Trial of Bayer Schering Pharma (BSGP.L). Cell Therapeutics recently gained access to the study results through an agreement with Bayer Schering.
An effort to create a common security framework for the health care industry is making progress. The Health Information Trust Alliance (HITRUST), a private company working with healthcare organizations, professional services firms, liability insurers and others to develop the framework, said the industry can expect to see a finished product by January. HITRUST officially launched last December with the goal of establishing trust in the health care industry with regards to electronic information, said HITRUST CEO Daniel Nutkis. The effort is led by an executive council that includes CVS Caremark Corp., Johnson & Johnson Health Care Systems Inc., Humana Inc., Hospital Corporation of America and Cisco Systems Inc.
Abu Dhabi Islamic Bank (ADIB), the UAE's leading Islamic Bank, has announced its latest set of developments aimed at enhancing its risk management practices, as part of its ongoing focus on applying highest international standards across its operation. The Bank has created a new function, namely Group Chief Risk Office, and appointed Mr. Masarrat Husain to head it. Mr. Husain joins ADIB's senior management team with over 30 years of experience with Citibank and Samba Financial Group in the Middle East, Africa and Europe.
The House Energy and Commerce Committee is expected to vote this week on legislation aimed at creating a nationwide system of electronic health records and protecting patient privacy, but the bill's fate remains unclear, CongressDaily reports. In June, the House Energy and Commerce Health Subcommittee approved the bill, sponsored by Energy and Commerce Chair John Dingell (D-Mich.) and ranking member Joe Barton (R-Texas), by voice vote. Since then, staffers have been negotiating language with industry and consumer advocates, but some individuals involved in those talks say the chances of passing the bill get slimmer as more time passes. Barton and Energy and Commerce Health Subcommittee Chair Frank Pallone (D-N.J.) say the negotiations largely are related to privacy.
  Thu, 24 Jul 2008 08:00:00 +0200
Providence Health & Services will pay $100,000 as part of a settlement agreement with federal regulators tied to the health system's loss of electronic backup media and laptop computers containing individually identifiable health information in 2005 and 2006. Providence operates a health plan and seven hospitals in Oregon. The Seattle-based health system also agreed to implement a corrective action plan to ensure that it appropriately safeguards identifiable electronic patient information against theft or loss. Under the action plan, the health system will revise policies and procedures regarding physical and technical safeguards, carefully govern off-site transport and storage of electronic media containing patient information, train work force members on the safeguards, conduct audits and site visits of facilities and submit compliance reports to the U.S. Department of Health and Human Services for three years.
The IT Policy Compliance Group just released its annual report on the state of affairs of what it refers to as IT governance, risk, and compliance (IT GRC). The goal of the group is to promote the development of research and information to assist IT and finance professionals meet their organizations' policy and regulatory compliance goals. They do this by providing information for organizations to improve compliance results by providing reports based on primary research. If you take the time to check out their site, they have other items of interest to anyone charged with the ever growing responsibility of protecting systems from those who have the intent to compromise them.
Pity U.S. IT organizations. Not only must they grapple with rising regulatory and compliance costs, but many are coming to grips with another rising cost: security. Enterprise security is an expensive proposition, one that's likely to get even more expensive as organizations take further steps to protect themselves. The good news, according to a new survey from security software vendor CA Inc., is that all of that money seems to have been well-spent. CA's latest Security and Identity Access Management (IAM) Survey found an overall decrease in the number of organizations that reported virus, network and denial of service (DoS) attacks last year.
  Thu, 24 Jul 2008 08:00:00 +0200
Government inspectors have found the same salmonella strain responsible for a nationwide food-poisoning outbreak in a Mexican-grown jalapeno in a Texas plant, prompting a new warning for consumers to avoid eating fresh jalapenos. The Food and Drug Administration called Monday's announcement a
  Thu, 24 Jul 2008 08:00:00 +0200
We all need to be systems thinkers. Many are, but not the bureaucrats and regulators in Washington and State capitals. You may call them systems Stinkers. Systems Stinkers think in straight lines. They see a problem; reason their way to an answer without evidence that it will work; and implement their so-called solution. Then they are done, or so they think. Their straight-line thinking usually produces
Will a lawsuit unravel SOX? According to personal finance columnist Jane Bryant Quinn, it's quite possible. Over the weekend, Quinn wrote a piece in the Washington Post on a lawsuit pending in front of the D.C. Circuit that could spell doom for Sarbanes-Oxley, the 2002 law passed in the wake of the decade's big accounting scandals. At issue in the lawsuit: whether the Public Company Accounting Oversight Board, created under SOX to help clean up the accounting profession, is constitutional. The plaintiff, Nevada accounting firm Beckstead & Watts, argues that the Board's structure and operation, including its freedom from Presidential oversight and control and the method by which its members are appointed, contravene the Constitution's separation of powers principles and Appointments clause. The initial complaint was dismissed in March of last year. But Beckstead appealed to the D.C. Circuit, where they're hoping to have better luck. Arguments to
Most administrators and managers release a collective growl in response to discussions regarding compliance management. Achieving Sarbanes-Oxley, ISO 27001, COBIT, HIPAA, and other compliance levels are great goals and requirements for some, but the fact is that most organizations simply do not have the time to dedicate the resources to deliver an accurate assessment. While there are many tools that can address the technology aspects of compliance, not all offer a comprehensive approach to scoring all factors. Recently, I had an opportunity to work with the Modulo Risk Manager platform. I was impressed by its ability to deliver a security index score based on a comprehensive approach that actually starts at the top with business process and proceeds with a top-down approach from the process. From here, specific technologies, staff, facilities, and controls are integrated to provide a comprehensive knowledge base that spans over 11,000 controls, 4200 data collectors, and 250 checklists.
Wyeth Pharmaceuticals' Pearl River research and manufacturing facility will become the 2,000th worksite in the OSHA's Voluntary Protection Programs (VPP). Assistant Secretary of Labor for Occupational Safety and Health Edwin G. Foulke Jr. officially will note the milestone in an induction ceremony and VPP flag raising. He will be joined by Wyeth executives and employees; Robert Kulick, OSHA's new regional administrator in New York; elected officials; and area dignitaries. VPP is a merit-based program that recognizes worksites committed to effective employee protection beyond the requirements of OSHA standards, and encourages cooperative relationships among organized labor, management, and government. VPP worksites have experienced lowered workers' compensation expenses, positive changes in company culture and attitudes, and injury and illness rates on average 50 percent lower than others in their respective industries.
Outreach and education events aimed at protecting workers from heat illness have increased over the first six months of this year as has enforcement of the nation's first heat illness prevention regulations, according to figures released by California's Department of Industrial Relation's Division of Occupational Safety and Health (Cal/OSHA). The department reported it is on pace to exceed the number of heat illness prevention inspections, with 659 heat-related inspections to date in 2008 compared to 1,018 for all of 2007. Cal/OSHA has issued more than 242 citations since the summer began, primarily for failing to have written heat illness prevention plans. During heat waves, special compliance teams are dispatched to outdoor work sites to ensure workers are being properly protected. The Labor and Workforce Development Agency and the Department of Industrial Relations are working with the attorney general and local district attorneys to build criminal cases against employers who disreg
  Thu, 24 Jul 2008 08:00:00 +0200
OSHA is taking new steps to fight the rise in construction fatalities in New York City, where 20 employees have died in construction-related accidents since January. Late last month, OSHA brought a dozen additional inspectors into the city to conduct proactive inspections of high-rise construction sites, cranes, and other places where fatalities and serious accidents have been occurring. Ongoing inspections have continued under local emphasis programs, or as a result of complaints, referrals, or accidents. The agency says it will review all inspection findings and determine what other steps might be necessary to address what it calls
Wyeth Pharmaceuticals' Pearl River, N.Y., research and manufacturing facility today became the 2,000th worksite in the United States to be recognized in the elite Voluntary Protection Programs (VPP) of the U.S. Department of Labor's Occupational Safety and Health Administration (OSHA). Assistant Secretary of Labor for OSHA Edwin G. Foulke Jr. welcomed Wyeth's Pearl River location into the VPP as a star site, the program's highest level of achievement, in a ceremony held at the facility.
  Thu, 24 Jul 2008 08:00:00 +0200
An effort by the University of Nevada, Reno to recycle water used in an air conditioning system for irrigation has been thwarted by state occupational and health officials because of concerns over a pump. University safety officials said the pump at the Joe Crowley Student Union would have allowed the campus to use 600,000 gallons of water annually to water landscape instead of sending it down the drain. But UNR was ordered to remove the pump last week because Nevada Occupational Safety and Health Administration officials said it violated a code that prohibits any
  Thu, 24 Jul 2008 08:00:00 +0200
SCA Tissues' converting plant here has been recognized by the Occupational Safety and Health Administration for its outstanding commitment to workplace safety and health. It was awarded Star status in the agency's Voluntary Protection Programs. OSHA will present a VPP Star plaque and a flag to company officials and plant employees at a formal ceremony today [Wednesday, July 23] at the facility, located at 72 County Route 53. Federal, state and local dignitaries have been invited to the ceremony, which will be attended by top company executives, plant management and employees, and OSHA representatives. In achieving this recognition, the SCA Tissue facility in Greenwich joins an elite group. Of the 7 million OSHA-regulated facilities in the United States, only 2,000 - less than 0.03 percent - have achieved VPP Star status.
  Mon, 21 Jul 2008 08:00:00 +0200
As your company's chief information officer (CIO) or chief information security officer (CISO), you are most concerned that governance requirements are not being well defined. There is ambiguity; there are redundancies; there are areas that are not being covered by current procedures. When this happens, risks and exposures are more likely to occur, threatening the integrity of your company's compliance efforts. Add to this the fact that you wish your information technology (IT) organisation could deliver information faster to executives, allowing them to better evaluate company performance. Your task is not an easy one because you are straddling two worlds: the IT world and the business world. On one hand, you are responsible for the IT infrastructure in the organisation: the automated reporting, the IT staff manual activities, educating the end users on good security practices. On the other hand, you are now being increasingly expected to enforce a business application governance
  Mon, 21 Jul 2008 08:00:00 +0200
"A lack of board oversight for IT activities is dangerous, it puts the firm at risk in the same way that failing to audit its books would." The above opinion was expressed by Richard Nolan and F. Warren McFarlane, both of Harvard Business School, and was made in the context of companies investing in and using Information Technology. It should be appreciated that there are certain dynamics that drive concerns about information technology that are probably still in embryonic form in our local context. One such dynamic is the intensity of the use of the open capital markets and the concomitant obligations on the part of the Board of Directors to their shareholders for prudent management of the funds that are entrusted to them. From an IT perspective this has resulted, among other things, in concerns about the appropriateness of mega projects such as Disney Corporation's go.com project (shut down after 878M in expenditure) or Nike's 400M investment in software (subsequently written off a
  Mon, 21 Jul 2008 08:00:00 +0200
As business continuity and disaster recovery professionals we continue to address the rapidly changing face of business and technology. We are caught up in the frenzy of our employers or clients wishing to converge their voice and data networks. We must maintain the RTOs and RPOs necessary to restore mission critical infrastructures along with all of the electronic data that moves across networks or is stored on magnetic media. We know that companies that go through a severe loss of mission critical computerized records may never reopen. However, we have seen from past disasters, like those suffered during hurricanes Katrina and Rita or even the most recent floods in the Midwestern portions of the United States, that electronic and digital data is not the only medium of information critical to an organization's business mission. Neither is electronic data the only storage medium of importance to customers or patients who rely upon critical paper records and their protection for thei
Cosmetics company Estee Lauder is relying in part on NAC technology to meet regulations imposed on it by the payment card industry (PCI) and the Sarbanes-Oxley law. Specifically, the $7 billion firm with more than 25,000 employees worldwide is using the security technology to meet PCI requirements to regularly update antivirus software and to develop and maintain secure systems and applications. The company also faces Sarbanes-Oxley requirements that call for verification of policies, access-control assessment, audit capabilities and mitigation of shortcomings based on risk profiles, says Les Correia, senior manager of global enterprise security for the company.
  Mon, 21 Jul 2008 08:00:00 +0200
Just when you thought that the drive toward better financial accounting couldn't be stopped, a stick may be shoved into the spokes. A decision expected soon from a federal court might throw the Sarbanes-Oxley Act into limbo. The law, also known as SOX, is essential to the movement for accurate and honest corporate reports. Congress could rescue SOX but perhaps with its beating heart cut out. A sideways challenge to the law is before the U.S. Court of Appeals for the District of Columbia Circuit. The question: whether the Public Company Accounting Oversight Board, created by Sarbanes-Oxley to clean up the Enron-tainted auditing profession, is constitutional. In a June 5 memo, Linda Lord, head of legislative and regulatory affairs for the banking giant UBS, called it
Health Care Compliance Strategies, Inc. (HCCS), the leading provider of online health care compliance and competency training, today announced an exclusive partnership with Healthcare Academy to deliver an extensive series of Patient Care and OSHA online training courses. The library of 60 online courses addresses the education needs of all staff members, from entry level staff to C-level executives in acute care settings. "HCCS and Healthcare Academy are a perfect match," says Judy Hoff, CEO and Founder of Healthcare Academy. "Combining these high quality Healthcare Academy courses with HCCS' premier health care learning management system will meet the demanding staff and patient care training requirements of acute care facilities."
  Mon, 21 Jul 2008 08:00:00 +0200
A primary cause - according to the OECD's deputy director of financial markets, Adrian Blundell-Wignall. Completely peripheral - according to Australia's chief banking regulator, APRA chairman John Laker. The two crossed swords at the Reserve Bank of Australia's Kirribilli private retreat last week, where Laker was discussing a presentation by Blundell-Wignall. Blundell-Wignall is one of the most creative thinkers about financial markets and is widely respected for the chillingly accurate portrayal of how the crisis would unfold - which he delivered last July, a few weeks before the storm broke. He is a former senior economist at the RBA, to which he still has strong links. Blundell-Wignall fingers two regulatory causes for the crisis: the announcement of the details of how the bank capital regulatory system, Basel II, would work in July 2004 and, paradoxically, a regulatory crackdown on the operations of US mortgage funders Fannie Mae and Freddie Mac in the same year. The first, he sa
