Morning Security Brief: NIST Issues Testing Procedures, Dreadlocks Not a Clear Sign of Religion, and HHS Withdraws Privacy Rule

By Teresa Anderson


► The National Institute of Standards and Technology (NIST) has issued procedures for testing information technology systems used for storing and processing electronic health records. The set of 45 test procedures is designed to ensure that electronic health records work across systems developed by different vendors. The procedures evaluate issues such as the level of encryption and whether access is limited to authorized users only.

► A federal appeals court has ruled that a contract security firm did not discriminate against an applicant who wore dreadlocks as part of his Rastafarian religion. A manager with Wackenhut, Clarence McCuller, interviewed Lord Osunfarian Xodus for a security guard position. McCuller immediately told Xodus that dreadlocks were against company grooming policy and that they would have to be cut before Xodus could begin working for the company. McCuller also told Xodus that he could wear dreadlocks for positions in a shipping warehouse but that none of those jobs were open at the time. Xodus told McCuller that cutting his hair was “against his belief.” Xodus then left the interview. Xodus sued Wackenhut for religious discrimination. Wackenhut claimed that McCuller did not know that dreadlocks had religious significance. The court ruled in favor of Wackenhut, noting that Xodus had a duty to clearly state that cutting his hair was against his religious beliefs. In the written opinion of the case, the court noted that “Xodus claims that his use of the word ‘belief’ and the dreadlocks themselves sufficed to notify McCuller of the religious nature of his hairstyle. But unlike race or sex, a person’s religion is not always readily apparent.”

► The U.S. Department of Health and Human Services (HHS) has withdrawn its final rule on breach notification for healthcare data. The rule provided healthcare providers and insurance companies with the appropriate steps to take if private health information were stolen or improperly disclosed. HHS received more than 120 comments on the rule. Many of the comments were critical of the provision that healthcare providers and insurers provide notification of a data security breach only if they felt there was a “significant risk” of harm. Commenters felt that this gave too much discretion to those who were charged with protecting the data in the first place. The agency did not announce when a new final rule would be issued. In the meantime, the interim final rule issued in September 2009 remains in effect.





I had to laugh about the dreadlocks story. What are people thinking these days? There is no law against a company having a dress/grooming code. Companies have rights too. I guess there will always be those people who will use anything to try to make a quick buck.

