Cryptzone Providing Data Leak Prevention Solutions

Compliance Center: USA

"MNS is in the healthcare industry and we must follow HIPAA guidelines which includes the safe transmission of protected health information. We use Secured eMail when sending secured patient data across any electronic channels outside our network. Our clients are not affected as they are used to having to protect PHI. We have had comments that Secured eMail is the easiest program they've ever used."
- Maria Clemens, IT Network Administrator, MNS, LLC


HIPAA

Health Insurance Portability & Accountability Act

What HIPAA is about:

The use of the internet and email for electronic communication has grown extremely fast over the last decade, which demands new standards for securing the transmission of information. The American Health Insurance Portability and Accountability Act is a set of rules with recommendations and requirements for entities such as health plans, doctors, hospitals and other health care providers. This regulation requires all covered entities to be able to assure that all patients’ account handling, billing and medical records are protected.

The general rule in section 164.306 requires all covered entities to implement transmission security, which has two implementation specifications: integrity controls, which ensure the integrity of electronically transmitted information, and encryption.
"The purpose of this final rule is to adopt national standards for safeguards to protect the confidentiality, integrity, and availability of electronic protected health information."
Extracted from: Health Insurance Reform: Security Standards; Final Rule.

Section 164.306, the statement of the general Rule, requires covered entities to:
  • Ensure the confidentiality, integrity, and availability of all electronic protected health information (EPHI) the covered entity creates, receives, maintains, or transmits;
  • Protect against any reasonably anticipated threats or hazards to the security or integrity of such information;
  • Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required by the Privacy Rule;
  • Ensure compliance by its workforce.

HIPAA is a set of rules with recommendations and requirements for entities such as health plans, doctors, hospitals and other health care providers. The final standard took effect on April 21, 2003, and most covered entities had two years from that date (until April 21, 2005) to comply with it. This regulation requires all entities to be able to assure that all patients’ account handling, billing and medical records are protected.

To learn more about HIPAA, visit: hipaa.org


The Solution

Since HIPAA regulations require patient information to be protected from interception during electronic transmission, our system is a secure and simple solution for ensuring that this transmission over the internet is safe.

Secured eMail can provide your email solution with encryption based on AES (Advanced Encryption Standard), in combination with a patented technique called System SKG, which generates dynamic keys. This system contains functions that verify the sender’s identity and synchronize which key should be used for decryption. The sender and recipient exchange a one-time secret password, from which a 256-bit dynamic encryption key is generated; this key shields each message, making it illegible to third parties during transmission. With this encryption system your email is secured from the moment it leaves your computer until it arrives at the receiver. Moreover, Secured eMail is very easy for everyone to use and is designed to be adaptable to both private use and the professional office.

What happens if I do not comply?

"Violations of the Health Insurance Portability and Accountability Act (HIPAA) can carry a $50,000 fine and a 1-year imprisonment sentence. If there is an attempt to sell or otherwise personally gain from a disclosure, the penalties increase to $250,000 fine and 10 years of imprisonment."

FERPA

Family Educational Rights and Privacy Act
NOTE: The sources for the information shown here are listed in the "More Information" box below.

What FERPA is about:

The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.

FERPA gives parents certain rights with respect to their children's education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level. Students to whom the rights have transferred are "eligible students."

  • Parents or eligible students have the right to inspect and review the student's education records maintained by the school. Schools are not required to provide copies of records unless, for reasons such as great distance, it is impossible for parents or eligible students to review the records. Schools may charge a fee for copies.
  • Parents or eligible students have the right to request that a school correct records which they believe to be inaccurate or misleading. If the school decides not to amend the record, the parent or eligible student then has the right to a formal hearing. After the hearing, if the school still decides not to amend the record, the parent or eligible student has the right to place a statement with the record setting forth his or her view about the contested information.
  • Generally, schools must have written permission from the parent or eligible student in order to release any information from a student’s education record. However, FERPA allows schools to disclose those records, without consent, to the following parties or under the following conditions (34 CFR § 99.31):
      ◦ School officials with legitimate educational interest;
      ◦ Other schools to which a student is transferring;
      ◦ Specified officials for audit or evaluation purposes;
      ◦ Appropriate parties in connection with financial aid to a student;
      ◦ Organizations conducting certain studies for or on behalf of the school;
      ◦ Accrediting organizations;
      ◦ To comply with a judicial order or lawfully issued subpoena;
      ◦ Appropriate officials in cases of health and safety emergencies; and
      ◦ State and local authorities, within a juvenile justice system, pursuant to specific State law.

Schools may disclose, without consent, "directory" information such as a student's name, address, telephone number, date and place of birth, honors and awards, and dates of attendance. However, schools must tell parents and eligible students about directory information and allow parents and eligible students a reasonable amount of time to request that the school not disclose directory information about them. Schools must notify parents and eligible students annually of their rights under FERPA. The actual means of notification (special letter, inclusion in a PTA bulletin, student handbook, or newspaper article) is left to the discretion of each school.

GLBA

Gramm-Leach-Bliley Act

What GLBA is about:

The Gramm-Leach-Bliley Act, also known as the Financial Modernization Act of 1999, consists of regulations developed for financial institutions. This federal law enables the United States to control financial institutions and the manner in which they handle and process the private information of individuals.

The Privacy Rules apply to financial institutions and their activities. Affected institutions can also be non-bank companies that deal with lending, brokering, auditing, transferring or safeguarding money, preparing tax returns, providing financial advice and credit, providing residential real estate settlement services, collecting consumer debts, and more. The Act's privacy obligations emphasize the protection of non-public personal information.

Moreover, it also regulates how financial institutions should handle administrative, technical and physical safeguards.
For more information regarding GLBA, please visit: http://banking.senate.gov/conf/

Extract from regulation Sec. 6801; Protection of nonpublic personal information:

(b) Financial institutions safeguards
In furtherance of the policy in subsection (a) of this section, each agency or authority described in section 6805(a) of this title shall establish appropriate standards for the financial institutions subject to their jurisdiction relating to administrative, technical, and physical safeguards.
(1) to ensure the security and confidentiality of customer records and information;
(2) to protect against any anticipated threats or hazards to the security or integrity of such records; and
(3) to protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.

SOX

Sarbanes-Oxley Act

What SOX is about:

The Sarbanes-Oxley Act was enacted on July 30, 2002 and affects financial practice and corporate governance regulations. The Act's stated purpose is "to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws".

Who this law affects:

  • Attorneys
  • Brokers or dealers and persons employed by a broker or dealer who are involved with investment banking activities.
  • Security companies handling electronic transactions
  • Non-American companies that have such operations in the U.S.
  • Auditors and related firms that review and report on corporate financial statements.


This Act is focused on corporate governance and reporting practices of public companies. It also impacts private firms that one day might become public.

To find out more about SOX, please visit: http://www.sec.gov/.../sarbanes-oxley.htm


Becoming SOX compliant


Extract from 116 STAT. 793 PUBLIC LAW 107-204-JULY 30, 2002
"(2) the term "research report" means a written or electronic communication that includes an analysis of equity securities of individual companies or industries, and that provides information reasonably sufficient upon which to base an investment decision."

Basel II Accord

International Convergence of Capital Measurement and Capital Standards

What Basel is about:

Basel II began in January 2001. Its full name is International Convergence of Capital Measurement and Capital Standards - A Revised Framework, and it is also called The New Accord; it builds on Basel I, which originated in 1988.

The regulations mainly represent recommendations from the bank supervisors and central bankers (central banks, reserve banks, monetary authorities) of several countries, who make up the Basel Committee on Banking Supervision, to revise the international standards for measuring the adequacy of a bank’s capital.

These rules were created to set international standards and to promote greater consistency in the way banks and banking regulators approach risk management across national borders.

The final version of Basel II was published in June 2004 and aims to:

  1. Ensure that capital allocation is more risk sensitive.
  2. Separate operational risk from credit risk, and quantify both.
  3. Align economic and regulatory capital more closely to reduce the scope for regulatory arbitrage.

These rules rely on three pillars:

  1. Minimum capital requirements
  2. Supervisory review
  3. Market discipline - to promote greater stability in the financial system.

The second pillar, supervisory review, deals with regulators and the "tools" needed to address the risks a bank faces, such as name risk, liquidity risk and legal risk. In the main, Basel II promotes financial security in the same way that Sarbanes-Oxley does. These regulations will be implemented in 100 countries within the next year.

SEC Rule 17a-4

The Securities and Exchange Commission Rule 17a-4

What SEC Rule 17a-4 is about:

This SEC rule permits trading of single-stock and narrow-based stock futures. It regulates commission merchants, brokers and dealers and may affect their transactions in securities with respect to the treatment of customer funds, securities or property, the maintenance of books and records, financial reporting, and other financial responsibility rules involving *"SFP".

The rules require that all firms conducting business in *security futures products (SFP) apply the account, recordkeeping, reporting and certain other rules to transactions and accounts in which security futures products are held, so as to secure those transactions and accounts. The effective date of these regulations is September 13, 2002.

*Security futures product (SFP): to effect SFP transactions, a person must be registered both as an FCM or as an introducing broker ("IB") with the CFTC and as a broker-dealer with the SEC.

Here is a brief example of a procedure that governs the storage of all electronic messages, including email and instant messages, for members. To comply with this rule the customer must dedicate an e-mail archive server, for example an Exchange Server, IBM Lotus Notes or equivalent, using a backup server system or a Hierarchical Storage Manager (HSM).

Requirements for email archive storage are:

  • Stores original records
  • Makes records fully accessible with text search and retrieval
  • Creates index for aid in search
  • Stores duplicate records
  • Stores duplicate index
  • Audits all archive activity

The preferred storage is an email archive server. A court request might force you to load, read and search all backup tapes. Secured eMail sema.files can be stored in an archive environment. In the Enterprise edition the administrator can manage storage by setting policies to store sema.files and by defining your own company policy for handling email copies. With Enterprise you can also encrypt all your emails so that they are sent and received securely, both during transmission and in storage.

NASD Rule 3010

National Association of Securities Dealers

What NASD Rule 3010 is about:

NASD (National Association of Securities Dealers) is an industry organization whose board members are drawn almost exclusively from the securities firms it represents. NASD is the primary Self-Regulatory Organization (SRO) responsible for the regulation of persons and companies involved in the securities industry in the United States.

The organization acts as one of the largest private-sector regulators and has the power to take disciplinary action, including fines and revocation of licenses, against members that have broken its rules. It builds valuable trust and acts as a safeguard for individual investors. About 5,160 brokerage firms and more than 663,535 stockbrokers and registered members fall under its jurisdiction.

NASD's functions are to register securities firms, write rules to govern their behaviour, examine them for compliance and, when needed, take action against those that do not follow the regulations. It also refers to and complies with SEC rules.

Copyright © 2005-2008 Cryptzone AB (publ). All rights reserved.