February 01, 2013 Added by:Danny Lieberman
In our previous post on patient privacy, we noted that patient data loss is a lot like planes disappearing in the Bermuda Triangle – no one really knows where the planes disappeared to, since the people on the planes never return to tell the story...
January 22, 2013 Added by:Danny Lieberman
After the sanity check with the team that constructed the threat scenarios, you and your HIPAA consultant need to calculate your Value at Risk. Calculating VaR will help shed light on where to save money and where to spend money...
January 16, 2013 Added by:Ed Bellis
Gene Kim was kind enough to provide me with an advanced review copy of The Phoenix Project who is a co-author of the book. Fair warning: the first half of this book brought back nails-on-a-chalkboard type memories of dealing with large-scale audits and everything that comes with it...
January 13, 2013 Added by:Larry Karisny
We start with one big problem. Internet architecture was never made for security. One of my earliest articles quoted the father of the Internet Vint Cerf by saying, "One of things incumbent on all of us is to introduce strong authentication into the fabric of the smart grid. We did not do that with the Internet."
January 05, 2013 Added by:Danny Lieberman
Patient data loss is a lot like planes disappearing in the Bermuda Triangle – no one really knows where the planes disappeared to, since the people on the planes never came back to tell the story. The same way we talk about patient data loss and never really consider how you can “lose” patient data and whether it can be “returned”.
December 17, 2012 Added by:Randall Frietzsche
We need a well-conceived set of administrative and technical controls - our policy, while still acknowledging that every living creature on the planet is organically attached to a smart device, must dictate that the user will follow the policy at risk of termination...
December 10, 2012 Added by:Michelle Drolet
Two security firms, the established Rapid7 vulnerability manager and eGestalt, a cloud-based compliance management provider, have signed an OEM deal that will do something for the IT security industry that hasn’t been done before: a combination security and compliance posture management...
November 19, 2012 Added by:Bill Mathews
That’s right, I got an email with my username and password listed right there. That probably doesn’t anger normal people (let alone drive them to write an article about it), but I have never been accused of being normal so I’m pretty annoyed. Here, in no particular order, are my reasons for the anger and frustration...
November 08, 2012 Added by:Danny Lieberman
Many technology vendors tout the idea of self management, and the advantages of mobile healthcare apps, virtual visits, tablets and e-detailing but in fact, a face-to-face relationship with a doctor is more powerful than a digital relationship alone. We don’t need Sherry Turkle to tell us that...
October 21, 2012 Added by:Rafal Los
Organizations that make up the small to medium enterprise market are finding themselves in trouble as they are appearing on a lot of radar screens for attack, yet can't seem to find the resources they need to defend themselves adequately. Lots of challenges present around that point, to start off with...
October 16, 2012 Added by:Danny Lieberman
If pharmaceutical companies can access data from patients, then they can design and manufacture better products. This is good for patient health but problematic for current regulation of patient privacy. There is no such thing as patient privacy once big commercial ventures like large pharmas get involved...
October 03, 2012 Added by:Danny Lieberman
In order to prevent breaches of patient privacy, we first need to establish baseline business requirements for the organization. There are 6 business requirements for preventing patient privacy breaches, these are “must items” for any healthcare business unit manager...
September 17, 2012 Added by:Danny Lieberman
Humans being are naturally curious, sometimes vindictive and always worried when it comes to the health condition of friends and family. Being human, they will bend rules to get information and in the course of bending rules, breach patient privacy...
August 29, 2012 Added by:Danny Lieberman
As social media becomes part of the continuum of interaction in the physical and virtual worlds, privacy becomes an issue of discretionary disclosure control. Online privacy and patient privacy will evolve into a market for products and services with stratified pricing, packaging and product positioning...
August 20, 2012 Added by:Danny Lieberman
EHR interconnected with HIE systems have a big threat surface, because of big, very complex software systems with a large number of attacker entry points. Healthcare system vulnerabilities are compounded since everyone is using the same technology from Microsoft and following the same HIPAA compliance checklists...
June 11, 2012 Added by:Danny Lieberman
The short answer is that you should not store PHI (protected health information) on Dropbox since they share data with third party applications and service providers - but the real reason is you should not use Dropbox for sharing information with patients is simply that it is not private by design...
White House Website Includes Unique Non-Cook... makejoh makejoh on 07-28-2014
EBS Encryption: Enhancing the Amazon Web Ser... makejoh makejoh on 07-28-2014
Security and the Internet of Things... makejoh makejoh on 07-28-2014