Obama administration modifies HIPAA to strengthen the firearm background check system

The following e-mail was sent Tuesday, January 5, 2016 from the OCR-Privacy-List listserv, operated by the Office for Civil Rights (OCR) in the US Department of Health and Human Services:

On January 4, 2016, the Department of Health and Human Services (HHS) moved forward on the Administration’s commitment to modify the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule to expressly permit certain covered entities to disclose to the National Instant Criminal Background Check System (NICS) the identities of those individuals who, for mental health reasons, already are prohibited by Federal law from having a firearm.

This modification better enables the reporting of the identities of prohibited individuals to the background check system and is an important step toward improving the public’s safety while continuing to strongly protect individuals’ privacy interests.

The final rule gives States improved flexibility to ensure accurate but limited information is reported to the NICS.  This rulemaking makes clear that, under the Privacy Rule, certain covered entities are permitted to disclose limited information to the NICS.  The information that can be disclosed is the limited identifying information about individuals who have been involuntarily committed to a mental institution or otherwise have been determined by a lawful authority to be a danger to themselves or others or to lack the mental capacity to manage their own affairs – that is, only about those who are covered under the pre-existing mental health prohibitor. 

The new modification is carefully and narrowly tailored to preserve the patient-provider relationship and ensure that individuals are not discouraged from seeking voluntary treatment. This rule applies only to a small subset of HIPAA covered entities that either make the mental health determinations that disqualify individuals from having a firearm or are designated by their States to report this information to NICS

The rule does not apply to most treating providers. 

It is important to note that the vast majority of Americans with mental health conditions are not violent and that those with mental illness are in fact more likely to be victims than perpetrators.  An individual who seeks help for mental health problems or receives mental health treatment is not automatically legally prohibited from having a firearm; nothing in this final rule changes that.  HHS continues to support efforts by the Administration to dispel negative attitudes and misconceptions relating to mental illness and to encourage individuals to seek voluntary mental health treatment.  And the Department remains committed to robust enforcement of the civil rights laws that bar discrimination based on disability by entities that receive funding from the Department.  

The Final Rule is available for review at: http://www.federalregister.gov.

To learn more about non-discrimination and health information privacy laws, your civil rights, and privacy rights in health care and human service settings, and to find information on filing a complaint, visit us at http://www.hhs.gov/ocr/office

To learn more about mental health resources and recovery, visit http://www.mentalhealth.gov


Approximately 50k tax filings lost by Youngstown OH tax agency

Income taxes filed by approximately 50,000 citizens in Youngstown and Girard, Ohio before July 2012 may be victims of a Regional Income Tax Agency (RITA) breach caused by a lost DVD disc.  The discs contained income tax filings which include taxpayer names, addresses, dates of birth, and social security numbers.

The DVD disc was noted as missing when backup DVDs were beign destroyed in November 2015.

The Regional Income Tax Agency (RITA) purports to be sending notices to those possibly impacted and will be offering credit monitoring services for one year to those notified.

Improper secret docs stored at HMC Dockyard

Canadian Forces Base Halifax also known as HMC Dockyard is Canada's east coast navy base and home port to the Atlantic fleet, known as Maritime Forces Atlantic.

A website designer, a Mr. Zawidski, at HMC Dockyard’s intelligence facility HMC Trinity, is currently under investigation after a Canadian Defense information security officer conducted a routine scan of one of the systems.  The scan found sensitive documents with date-stamps between 2004 and 2009 consisting of 1,086 secret documents and eleven confidential documents (“Canada Eyes Only”.)

A military police officer seized from the a Mr. Zawidski’s cubicle and file cabinet at least 4 hard disk drives, 21 CDs, 4 GB USB drive, and 19 floppy disks.

The website designer’s accounts were then frozen and his physical access was revoked from the HMC Dockyard building where he worked.

The person under investigation is now assigned to work on unclassified documents while the investigation continues.

Security of Information Act, which was passed after the attacks in the United States on Sept. 11, 2001, was possibly violated which states "endangering the safety of the secret official code word, password, sketch, plan, model, article, note, document or information. The person in question allegedly improperly stored over 1,000 classified files on their personal network storage.”

Oregon Department of Veteras’ Affairs (ODVA) breach of 967

The Oregon Department of Veteras' Affairs (ODVA) has announced that copies of approximately 967 Certificatse of Release aka Discharge from Active Duty (DD-214) may have been in the possession of an unauthorized person.  Personally identifiable information contained on the DD-214 includes social security numbers, dates of bith, address, and full name.

ODVA Director Cameron Smith stated, “Beyond the more immediate investigation and response for our veterans that are impacted, I have also asked our leadership team for a broader review of our policies and internal controls around veterans’ confidentiality and privacy. The trust our veterans have in our ability to keep their personal information private goes to the core of our work.”  Smith has also state that veterans who may have been affected have been notified and will be offered free credit monitoring services for a year.

Israel missile defense director dismissed for data breach

The Israeli missle defense program is called Homa and its director Yair Ramati has been dismissed.  Yair Ramati was overseeing the development of The Iron Dome, David's Sling, and the Arrow missile interception projects.  Yair Ramati enjoyed a 90 percent success rate with Iron Dom'es short-range interception of rocket attacks from the Gaza Strip.

Yair Ramati was dismissed after it was discovered he violated policy after he kept classified materials on his personal computer.  Several Israel Defense Forces (IDF) leaders have been dismissed for information security breaches.  Colonel Ilan Levy temporarily lost sensitive documents when his car was stolen and Lieutenant Colonel Elad Marom provided classified information to an unauthorized individual.

Israel has received several hundred millions of dollars from the United States to fund three different missle defense systems which include private contractors such as The Boeing Company, Raytheon, and Elbit Systems.

Information Assurance & Cyber Security Research and Education, a 501(c)(3)