NARA Issues New E-Records Guidance. The National Archives and Records Administration (NARA) announced the availability of an electronic records management guidance for PKI digital signature authenticated and secured transaction records. The document was jointly developed by NARA and the Federal Public Key Infrastructure Steering Committee's (FPKI SC) Legal/Policy Working Group in response to a Chief Information Officers (CIO) Council request.

NARA and the FPKI SC conducted focus groups with federal agency personnel to determine the exact scope specific to PKI-unique transaction records that would be most useful to records, legal, and technology personnel.

NARA had previously developed “Records Management Guidance for Agencies Implementing Electronic Signature Technologies” in response to the Government Paperwork Elimination Act (GPEA). This guidance described recordkeeping requirements for electronic signature-related records.

In response to a request from the CIO Council for further assistance beyond that guidance, NARA had also previously developed “Records Management Guidance for PKI-Unique Administrative Records.” This guidance describes PKI-unique administrative records that document functions unique to planning, implementing, operating, auditing, monitoring, and re-organizing/terminating a PKI.

The guidance delineates potential categories of such records that agencies may want to schedule based on a variety of best practice sources. It has been reviewed and approved by NARA , Office of Management and Budget, Department of Justice, the CIO Council, and the FPKI SC.

Source:  ARMA International Washington Policy Brief, April 2005

More information is available at http://www.arma.org/news/policybrief/index.cfm?BriefID=752

XML - What is it?

Extensible Markup Language (XML) is a simple, very flexible text format derived from SGML (ISO 8879). Originally designed to meet the challenges of large-scale electronic publishing, XML is also playing an increasingly important role in the exchange of a wide variety of data on the Web and elsewhere.

XML documents are made up of storage units called entities, which contain either parsed or unparsed data. Parsed data is made up of characters, some of which form character data, and some of which form markup. Markup encodes a description of the document's storage layout and logical structure. XML provides a mechanism to impose constraints on the storage layout and logical structure.

A software module called an XML processor is used to read XML documents and provide access to their content and structure. It is assumed that an XML processor is doing its work on behalf of another module, called the application.

XML can dramatically improve the process of creating, managing, and delivering customized content over a wide variety of traditional and electronic distribution channels. Organizations best positioned to reap the benefits of a transition to an XML content infrastructure are companies who create and distribute large amounts of new and legacy content. Contact QAI to find out how to convert your content from its original proprietary formats into XML.

Sources:
http://www.w3.org/
http://www.exegenix.com/index.html

HIPAA Update

The U.S. Department of Health and Human Services' (HHS) Office of Civil Rights has released two new HIPAA FAQs designed to assist providers with protecting personally identifiable health information.

The FAQs deal with whether a health plan may disclose protected health information to a state child support enforcement agency in response to a National Medical Support Notice and whether a covered healthcare provider may obtain an individual's authorization to use or disclose protected health information to an interpreter.

The Information Technology Laboratory (ITL) at the National Institutes of Standards and Technology (NIST) has also released a guidance document on HIPAA Security Rule implementation. The rule went into effect on April 20. The guidance gives an overview of the security rule and its provisions and outlines information security best practices.

The ITL provides technical leadership for the nation's measurement and standards infrastructure. It develops tests, test methods, reference data, proof-of-concept implementations, and technical analysis to advance the development and productive use of information technology. ITL's responsibilities include the development of management, administrative, technical, and physical standards and guidelines for the cost-effective security and privacy of information not related to national security in federal information systems.

The Center for Medicare and Medicaid Services (CMS) released the second report in its HIPAA Security Educational Paper Series dealing with physical safeguards. The other report is Security 101 for Covered Entities. CMS has also published a notice in the Federal Register detailing procedures for filing a complaint with HHS in the case of non-compliance with the non-privacy HIPAA provisions . This notice sets forth the procedures for filing a complaint of non-compliance by a covered entity with certain provisions of the administrative simplification rules with the secretary of HHS.

Source:  ARMA International Washington Policy Brief, April 2005