Howard Anderson writes:
The Department of Defense and two other government agencies have issued a proposed rule designed to help ensure that government contractors provide adequate privacy training to their staff members. The proposal comes in the wake of a recent healthcare information breach incident involving a contractor to TRICARE, the military health program.
Read more on GovInfoSecurity.
As an aside, SAIC reportedly did not seem to think they were obligated to provide individual notification under HIPAA/HITECH, saying, instead, that they were complying with Department of Defense guidelines. So the DOD gives individuals more protection and notification rights than HIPAA/HITECH? Interesting. This is where some uniformity would help.
Thanks to PRC_Amber for the link.