Healthcare
Health Net Incident Impacts 1.9 Million: Lessons Learned
April 07, 2011 Added by:Rebecca Herold
Health Net is clearly stating that IBM is responsible for the breach. Guess what? When you outsource business activities to a third party, you do not outsource your responsibility. What was Health Net doing to ensure, on an ongoing basis, that IBM had appropriate safeguards in place?
Comments (0)
Disruptive Innovation in HIPAA HITECH Compliance
April 01, 2011 Added by:Jack Anderson
Healthcare needs disruptive innovation. HIPAA HITECH provides an opportunity to profoundly change information security and privacy by bringing millions of new participants into the picture. HHS estimates that 1-2 million business associates need to become HIPAA HITECH compliant...
Comments (0)
Business Associates Must Be HIPAA Compliant
October 09, 2010 Added by:Jack Anderson
In response to a question from a potential client, I asked Rebecca Herold, The Privacy Professor, to comment on when a BA must be compliant. I will let her answer speak for itself...
Comments (0)
HIPAA Violations Not Always Due to Data Breaches
October 01, 2010 Added by:Jack Anderson
You don't have to have a patient data breach to be in violation of HIPAA rules and regulations. By doing nothing, not even thinking, you probably have already committed a violation. If you don't have a breach notification program in place you are in violation now...
Comments (2)
HIPAA Violations by Associates or Sub-Contractors
September 24, 2010 Added by:Jack Anderson
Hospitals turned the records over to a pathology group, who in turn handed them off to a medical billing company, and the former owner of the medical billing company, Joseph Gagnon, stated that they had been dumping the unsecured records at the dump for at least 2 or 3 years...
Comments (1)
Indiana's Abandoned Health Records Act
September 12, 2010 Added by:David Navetta
The new chapter specifies new duties given to the Indiana Attorney General related to the identification, handling, and ultimate transfer, destruction or delivery of abandoned health and other records containing personal information...
Comments (0)
Business Associates and HIPAA Liabilities
August 29, 2010 Added by:Jack Anderson
Insurance carriers and payers sent out amended Business Associate agreements in an attempt to shift liability to the BA. Of course now the chain of responsibility extends down to the sub-contractor and everyone is liable if there is a breach...
Comments (0)
Healthcare Risk Assessment Essentials
August 25, 2010 Added by:Jack Daniel
A risk assessment needs to go beyond regulatory expectations to ensure an organization is protecting its sensitive assets. Utilizing a best of breed or best practices framework will enable the organization to identify security gaps and control weaknesses rather than regulatory gaps...
Comments (0)
Proposed Modifications to the HIPAA Rules Part Two
August 08, 2010 Added by:David Navetta
The proposed modifications would require organizations that currently issue notices of privacy practices to make material changes to those notices. The modifications do not appear to change the existing rules as to who is responsible for issuing the notice of privacy practices...
Comments (0)
Reducing the Cost of Compliance
June 22, 2010 Added by:Bryan Miller
The American Heritage dictionary defines compliance as "The act of complying with a wish, request, or demand; acquiescence". When you think of complying with something, do you normally consider it a wish? So, would paying my taxes indicate I'm complying with the Federal government's wish that I pay my taxes, or is it a demand?
Comments (0)
From the Web
File-Sharing Software Potential Threat to Health Privacy – Study
March 03, 2010 from: Office of Inadequate Security
Cross-Posted from: http://www.databreaches.net/?p=10367
A research report on file-sharing risks that compares risks for personal financial information to personal health information:
Comments (1)
From the Web
Update: Stolen BCBS hard drives had data on 2 million insured
November 16, 2009 from: Office of Inadequate Security
One of Tennessee’s largest holders of personal information confirms that an October theft from a Chattanooga office affects about 2 million of its clients. Blue Cross Blue Shield said 68 computer hard drives that contained Social Security numbers and other sensitive information were taken from the office.
Comments (0)
From the Web
Senate Panel Clears Data Breach Bills
November 05, 2009 from: Office of Inadequate Security
The Senate Judiciary Committee Thursday approved two companion bills that would require businesses and government agencies to notify individuals of security breaches involving sensitive personally identifiable information. Both bills go to the Senate for consideration.
Comments (0)
Good enough security?
October 29, 2009 Added by:Christopher Hudel
We have had 802.1x -- CISCO + Active Directory Integration -- in place for over a year now and it is largely a success; Windows systems automatically obtain machine certificates (machines automatically receive certificates when they join the domain), supplicants exist for our IP Phones, and those devices (i.e.: printers) that are currently incapable of 802.1x are split off in a tightl...
Comments (2)
IT Security - Defense in Depth Protection using a Data-centric Model
October 29, 2009 Added by:Mike Cuppett
Start aligning your security strategy to better protect your organization's most critical asset - data. While many security proponents lean toward an outside-in strategy - protect every computer in the company from the outside world first - we really need to understand that the data is the asset that must be protected first and foremost. The outside-in strategy starts at a macro level and ov...
Comments (5)
From the Web
CalOptima Reports Potential Loss of Patient Claims Information (updated)
October 29, 2009 from: Office of Inadequate Security
ORANGE, Calif. (October 23, 2009) – CalOptima has identified the potential loss of past medical claims information for approximately 68,000 of its members that was stored on electronic media devices.
Comments (0)