April 07, 2011 Added by:Rebecca Herold
Health Net is clearly stating that IBM is responsible for the breach. Guess what? When you outsource business activities to a third party, you do not outsource your responsibility. What was Health Net doing to ensure, on an ongoing basis, that IBM had appropriate safeguards in place?
April 01, 2011 Added by:Jack Anderson
Healthcare needs disruptive innovation. HIPAA HITECH provides an opportunity to profoundly change information security and privacy by bringing millions of new participants into the picture. HHS estimates that 1-2 million business associates need to become HIPAA HITECH compliant...
October 01, 2010 Added by:Jack Anderson
You don't have to have a patient data breach to be in violation of HIPAA rules and regulations. By doing nothing, not even thinking, you probably have already committed a violation. If you don't have a breach notification program in place you are in violation now...
September 24, 2010 Added by:Jack Anderson
Hospitals turned the records over to a pathology group, who in turn handed them off to a medical billing company, and the former owner of the medical billing company, Joseph Gagnon, stated that they had been dumping the unsecured records at the dump for at least 2 or 3 years...
September 12, 2010 Added by:David Navetta
The new chapter specifies new duties given to the Indiana Attorney General related to the identification, handling, and ultimate transfer, destruction or delivery of abandoned health and other records containing personal information...
August 29, 2010 Added by:Jack Anderson
Insurance carriers and payers sent out amended Business Associate agreements in an attempt to shift liability to the BA. Of course now the chain of responsibility extends down to the sub-contractor and everyone is liable if there is a breach...
August 25, 2010 Added by:Jack Daniel
A risk assessment needs to go beyond regulatory expectations to ensure an organization is protecting its sensitive assets. Utilizing a best of breed or best practices framework will enable the organization to identify security gaps and control weaknesses rather than regulatory gaps...
August 08, 2010 Added by:David Navetta
The proposed modifications would require organizations that currently issue notices of privacy practices to make material changes to those notices. The modifications do not appear to change the existing rules as to who is responsible for issuing the notice of privacy practices...
June 22, 2010 Added by:Bryan Miller
The American Heritage dictionary defines compliance as "The act of complying with a wish, request, or demand; acquiescence". When you think of complying with something, do you normally consider it a wish? So, would paying my taxes indicate I'm complying with the Federal government's wish that I pay my taxes, or is it a demand?
From the Web
March 03, 2010 from: Office of Inadequate Security
Cross-Posted from: http://www.databreaches.net/?p=10367
A research report on file-sharing risks that compares risks for personal financial information to personal health information:
From the Web
November 16, 2009 from: Office of Inadequate Security
One of Tennessee’s largest holders of personal information confirms that an October theft from a Chattanooga office affects about 2 million of its clients. Blue Cross Blue Shield said 68 computer hard drives that contained Social Security numbers and other sensitive information were taken from the office.
From the Web
November 05, 2009 from: Office of Inadequate Security
The Senate Judiciary Committee Thursday approved two companion bills that would require businesses and government agencies to notify individuals of security breaches involving sensitive personally identifiable information. Both bills go to the Senate for consideration.
October 29, 2009 Added by:Christopher Hudel
We have had 802.1x -- CISCO + Active Directory Integration -- in place for over a year now and it is largely a success; Windows systems automatically obtain machine certificates (machines automatically receive certificates when they join the domain), supplicants exist for our IP Phones, and those devices (i.e.: printers) that are currently incapable of 802.1x are split off in a tightl...
October 29, 2009 Added by:Mike Cuppett
Start aligning your security strategy to better protect your organization's most critical asset - data. While many security proponents lean toward an outside-in strategy - protect every computer in the company from the outside world first - we really need to understand that the data is the asset that must be protected first and foremost. The outside-in strategy starts at a macro level and ov...
From the Web
October 29, 2009 from: Office of Inadequate Security
ORANGE, Calif. (October 23, 2009) – CalOptima has identified the potential loss of past medical claims information for approximately 68,000 of its members that was stored on electronic media devices.