ITT Technical Institutes Closed As of September 6, 2016

ITT Educational Services, Inc., announced that it will be discontinuing academic operations at all of its ITT Technical Institutes permanently. They state that they have eliminated the positions of more than 8,000 employees, and refer to “tens of thousands of unexpectedly displaced students [who will need help] with their records and future educational options.”

Specifically in the Sacramento area, this means that the ITT Technical Institute in Rancho Cordova has been shuttered, “…leaving more than 400 students without an immediate option to finish their education.” (Allen Young, Sacramento Business Journal.) The Sacramento area has experienced additional school closures in the recent past, including Heald College in Roseville and Rancho Cordova and three University of Phoenix campuses.

Did ITT Fail to Deliver on Its Educational Promise to Students?

In its press release, ITT claimed that “…federal actions will result in the closure of ITT Technical Institutes without any opportunity to pursue our right to due process.” The press release states that ITT “…exhausted the exploration of alternatives, including transfer of the schools to a non-profit or public institution.” ITT also states that they were not provided with a hearing or an appeal.

However, other sources describe a different situation. Gizmodo’s Technology Editor, Michael Nunez, stated in his article on ITT’s closure that “ITT Tech and other for-profit colleges have been widely criticized for accepting billions of dollars in government loans while failing to provide adequate job training for its students.”

Sanctions Before Closure Spelled the End

Only days before the closure, ITT had been barred from accepting new students who were using federal loans to finance their educations. These sanctions were driven by concerns about ITT’s business and recruiting practices: “ITT Tech… had been facing accusations from its accreditor of chronic financial mismanagement and questionable recruiting tactics. It is also under investigation by more than a dozen state and federal authorities, including the Massachusetts attorney general, the Consumer Financial Protection Bureau and the Securities and Exchange Commission.” (Melissa Korn, Wall Street Journal)

The Future for ITT Students, Including 35,000 Veterans

The future for now-former ITT students is unclear. Although ITT has been legally required to maintain cash reserves to help support students in case of company closure, Gizmodo reports that the company “is not saying how it will use its reserves,” with ITT maintaining that their press release will be their only comment.

Where Can Students Get More Information?

The Department of Education issued a letter from the Secretary of Education to ITT students on September 6, 2016, providing guidance and links to their ITT announcements page. Initially, students face two basic options: discharge of student loans (under some circumstances); or attempting to transfer credits to other institutions.

However, Leada Gore notes on the Alabama website that students may face unexpected difficulties. For example, if a student is in default of student loans at the time of the closure, they may be ineligible for discharge of their loan.

Even more worryingly, “Veterans attending ITT will be covered under the same provisions related to loan discharge. However, veterans cannot be credited for the months of eligibility under G.I. Bill already used while at ITT. As many as 35,000 veterans attend ITT, according to Student Veterans of America.”

`

Figuring out the details of whether your business is in compliance with HIPAA is an ongoing challenge. At our last HIPAA related Lunch & Learn event, several of our attendees were looking for information on how HIPAA will be conducting its latest phase of audits – how businesses will be selected to be audited (particularly business associates), when the different types of audits will be conducted, and more. Here are some of the latest answers from the Health and Human Services Office for Civil Rights

HIPAA Compliance – FAQs and the Audit Protocol

The OCR’s website offers some helpful definitions and answers to frequently asked questions concerning the audit process. A few important highlights include:

• Timing for audits – The Health and Human Services Office for Civil Rights (OCR) began audits for Phase 2 of the HIPAA Audit Program back in March 21, 2016. The OCR states that “Phase 2 is currently underway. Selected covered entities [CE] received notification letters July 11, 2016. Business associate [BA] audits will start in the fall.” The OCR also warns businesses to double check that the emails are not blocked by any spam filters.

• Basis for selecting those who will be audited – The OCR states that for Phase 2, they are “identifying pools of CEs and BAs that represent a wide range of health care providers, health plans, health care clearinghouses, and business associates.” Their plan is to examine a broad spectrum of candidates to allow them to better understand the state of HIPAA compliance across the industry.

As far as BAs go, the OCR will be asking CEs who are being audited “to identify their business associates.” They encourage CEs “to prepare a list of each business associate with contact information so that they are able to respond to this request.”

• Different sets of audits – The OCR’s first set of audits will be desk audits of CEs, followed by a second set of desk audits of BAs. The third set of audits will be onsite, with some desk auditees being subjected to onsite audits. (You can take a look at the OCR 2016 HIPAA Desk Audit Guidance on Selected Protocol Elements for additional details.)

You can also take a look at the actual audit protocol along with some definitions of terms at the OCR’s website. This lengthy table breaks down the audit protocol according to Audit Type, Section, Key Activity, Established Performance Criteria, and the Audit Inquiry.

HIPAA is constantly changing an updating its regulations.? There are still tons of companies that are currently operating without even knowing they need to be HIPAA compliant.? It’s hard to stay on top of the all the changes so if you ever have any questions then please feel free to contact us about any questions you may have regarding HIPAA certification.? You may already be required and could face paying some hefty finds.? You have questions so call us at 916.568.6830 or contact us via form:

CONTACT US!

[contact-form-7 id=”1534″ html_class=”cf7_custom_style_3″]

The online economy is growing fast. The National Retail Federation reported that the number of online shoppers for last year’s Thanksgiving holiday shopping weekend in the U.S. was actually greater than the number of people shopping in stores. And Symantec states in their 2016 Internet Security Threat Report that the business-to-business e-commerce market is expected to be worth $6.7 trillion by 2020. Unfortunately, rapid economic growth naturally attracts the attention of cyber criminals looking to get in on the profits.

For business owners, this means that understanding the basics of mitigating the risk of cyber attacks is only the beginning. We need to take a deeper look at protecting against cyber security risks. Security certification is one area where you can reduce your security risks as a website owner.

Move to stronger security certifications

Although it is tempting to use less expensive certifications, these may leave your website users vulnerable to attacks from malicious parties. And if this happens, it will be your company’s reputation that is damaged as well as your clients’ interests.

DV Certificates

For example, with DV (Domain Validated) Certificates, the authority issuing the certificate does not do extensive research into who owns the website. Often, they simply exchange confirmation emails with whatever address is listed in the domain’s WHOIS record.

Cyber criminals can make use of this to create websites that appear legitimate. For instance, if they were targeting a company with a real website such as OneTwoThree.com, they could register a website named OneTwo3.com, get a Domain Validated SSL certificate, and go on to deceive trusting consumers with a site created to imitate the legitimate site.

SSL/TLS Certificates

SSL (Secure Sockets Layer) and TLS (Transport Layer Security) certificates enable you to encrypt data you send when you visit a website with that certification. This means that ideally, it is safer for you to communicate your credit card details, name, address, and so on. TLS is basically an updated version of SSL; somewhat confusingly, SSL and TLS certificates are often both referred to as “SSL.”

Again according to Symantec’s Internet Security Report, SSL/TLS certificates have been widely adopted since 2015. They report that about 40 percent of all downstream internet traffic (data received by a computer or network; for example, emails, downloaded files, or visited web pages) is now encrypted. They expect this to grow to more than 70 percent of internet traffic within the next year.

Create and commit to a schedule of regular maintenance, updates, and patches

It isn’t enough to secure your website once and then hope for the best. Your website can offer criminals a way into your network and your data. It can also provide them with access to your customers and business partners. This means cyber criminals are motivated to continually come up with new ways to attack you.

Many such attacks can be prevented with regular maintenance and patching. But website owners often fail to keep up, perhaps due to a lack of understanding of their vulnerability. Given that cyber criminals have recently been able to take advantage of poor security in attacks that weakened encryption, and in DDoS (Distributed-denial-of-service) attacks, website owners and managers need to commit to protecting their sites promptly.