HIPAA
HIPAA: It’s About the Information
February 06, 2011 Added by:Rebecca Herold
It is very important that covered entities (CEs), business associates (BAs) and their subcontractors understand that HIPAA applies to protecting the information. It doesn’t matter what the conduit is for how the information is transmitted, or where it is stored and accessed from...
Comments (0)
HIPAA Compliance Investigations and the Insider Threat
February 02, 2011 Added by:Rebecca Herold
The insider threat is significant in all organizations, but impossible to eliminate completely. However, organizations can significantly reduce the associated risks, and demonstrate due diligence for implementing safeguards, by doing the following...
Comments (1)
Proving HIPAA HITECH Compliance
January 30, 2011 Added by:Jack Anderson
There is no third party authorized by HHS to attest to their compliance such as The Joint Commission or JCAHO can attest to accreditation. Even if they could prove to your satisfaction that they were compliant in January, how would you know that they were compliant in February, or March, etc...
Comments (2)
HIPAA, Gabrielle Gifford, and Steve Jobs
January 25, 2011 Added by:Jack Anderson
Steve Jobs the patient has a right to privacy, but does Steve Jobs the CEO have that right? Here we get into dueling bureaucracies; SEC and HHS. The SEC has not issued guidance on whether boards should disclose health issues for directors or officers, however some experts feel that they should...
Comments (1)
Compliance is Not Just a HIPAA - HITECH Issue
January 23, 2011 Added by:Jack Anderson
Failure to maintain an effective compliance program as determined by OMIG may subject a provider to sanctions, including termination from the Medicaid program. If this sounds familiar it is because it is nearly identical to HIPAA compliance rules...
Comments (0)
HIPAA HITECH Compliance for BAs and Sub-Contractors
January 19, 2011 Added by:Jack Anderson
Due to this potential liability CEs are beginning to require proof of compliance before they will do business with a BA or Sub. The big challenge is how to prove compliance so that the CE has "suitable assurance" as required by HIPAA...
Comments (0)
Enterprise Privacy and Infosec (HIPAA-HITECH)
January 16, 2011 Added by:Jack Anderson
A task based methodology is key to providing a step by step process ensuring a complete and comprehensive program is established. Metrics for measuring performance allow both internal monitoring of progress as well as the ability to demonstrate compliance levels to business partners...
Comments (0)
HIPAA-HITECH Final Rule To Be Published in March
January 06, 2011 Added by:Rebecca Herold
On December 20, 2010, the federal government published “Part II: Regulatory Information Service Center: Introduction to The Regulatory Plan and the Unified Agenda of Federal Regulatory and Deregulatory Actions.” Within it is the long-awaited HHS time line for when they would publish the final rule...
Comments (0)
Healthcare and Security: A Hacker’s Perspective
December 27, 2010 Added by:Renee Chronister
The latest Ponemon Institute study reveals 60% of healthcare providers had more than 2 security breaches in the last year with the average breach costing them $2 million. Whoa! It then goes on to state that 70% of hospitals say protecting patient data is not a priority...
Comments (1)
Business Associates Must Be HIPAA Compliant
October 09, 2010 Added by:Jack Anderson
In response to a question from a potential client I asked Rebecca Herold, The Privacy Professor to comment on when a BA must be compliant. I will let her answer speak for itself...
Comments (0)
Consumerization of IT and Enterprise Evolution
October 05, 2010 Added by:Phil Agcaoili
We have a problem with new disruptive technology and we need to treat all endpoint systems as hostile. New consumer technology that's brought into the workplace (a trend known as consumerization of IT), the consumer use of free or low-cost cloud services for the connected online life, and the enterprise shift towards the cloud for vertical business applications are rapidly affecting the way worker...
Comments (0)
HIPAA Violations Not Always Due to Data Breaches
October 01, 2010 Added by:Jack Anderson
You don't have to have a patient data breach to be in violation of HIPAA rules and regulations. By doing nothing, not even thinking, you probably have already committed a violation. If you don't have a breach notification program in place you are in violation now...
Comments (2)
HIPAA Violations by Associates or Sub-Contractors
September 24, 2010 Added by:Jack Anderson
Hospitals turned the records over to a pathology group who in turn handed it off to a medical billing company and the former owner of the medical billing company Joseph Gagnon stated that they had been dumping the unsecured records at the dump for at least 2 or 3 years...
Comments (1)
the UNPROTECTED - Episode 3
September 18, 2010
Quirky Jr. DBA Shelly champions DbProtect, but smarmy programmer Frank endorses a “band-aid” solution. Meanwhile, the clock ticks.
Comments (0)
Indiana's Abandoned Health Records Act
September 12, 2010 Added by:David Navetta
The new chapter specifies new duties given to the Indiana Attorney General related to the identification, handling, and ultimate transfer, destruction or delivery of abandoned health and other records containing personal information...
Comments (0)
More Nonsense with Breach Numbers
September 01, 2010 Added by:Danny Lieberman
Now it’s some lazy journalist at Information Week aiding and abetting the pseudo-statistics of the Ponemon Institute – screaming headlines of the cost of data breaches of PHI – protected healthcare information...
Comments (0)