ANSI, a number of its member organizations, and international standards organizations have carried out important standardization work intended to bolster consumer protections associated with the rising use and popularity of electronic health records, digital payment systems, and other electronic media technologies. New developments in technology have led criminals to create new scams and new types of fraud targeting consumers, making the work done in this area by standards organizations all the more important.
In March 2012, ANSI's Identity Theft Prevention and Identity Management Standards Panel (IDSP), in partnership with The Santa Fe Group and the Internet Security Alliance (ISA), released a report - The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security - that calls on healthcare organizations to implement enhanced security to effectively secure consumers' protected health information (PHI). The report provides a five-step method enabling healthcare groups to accurately estimate the financial costs of a PHI breach and provides guidelines to help organizations determine the investment required to effectively safeguard this data.
An International Organization for Standardization (ISO) International Standard, ISO 18308:2011, Health informatics - Requirements for an electronic health record architecture, serves an important consumer protection function by setting down requirements for electronic health record (EHR) systems. The standard was developed to bolster the creation of EHR systems that process, manage, and transmit EHRs. ISO 18308:2011 was developed by ISO Technical Committee (TC) 215, Health informatics. The Secretariat of TC 215 is held by the U.S., and ANSI member the American Health Information Management Association (AHIMA) serves as the delegated secretary and associated ANSI-accredited U.S. Technical Advisory Group (TAG) Administrator. Christopher Chute of the U.S.'s Mayo Clinic serves as the committee's chair.
X9 Incorporated Accredited Standards Committee (ASC X9), another ANSI member and accredited standards developer, has published a standard that helps safeguard consumer bank accounts by providing guidance related to online personal identification number (PIN) verification in automatic teller machine (ATM) and point-of-sale (POS) systems. ANSI X9.8-1:2003, Banking - Personal Identification Number Management and Security - Part 1: PIN protection principles and techniques for online PIN verification in ATM & POS systems, provides basic principles for determining the minimum required security measures for international PIN management, as well as PIN protection techniques in connection with their use in the online environment, among other provisions. The standard is derived from ISO 9564, which was originally published in 2002.
A standard developed by the International Electrotechnical Commission (IEC), IEC/TS 62045-1 Ed. 1.0 en:2006, Multimedia security - Guideline for privacy protection of equipment and systems in and out of use - Part 1: General, covers privacy protection measures for consumer equipment and systems, and deals with instances where the equipment or systems are in use, as well as out of use. The standard was developed by IEC TC 100, Audio, video and multimedia systems and equipment, which is chaired by David Carlton Felland of ANSI member and accredited standards developer the Society of Motion Picture and Television Engineers (SMPTE). The Consumer Electronics Association (CEA), also an ANSI member and accredited standards developer, serves as the U.S. National Committee (USNC)-approved TAG administrator to TC 100.
For more information about National Consumer Protection Week, visit www.ncpw.gov.