How Physical Harm Impacts Can Drive Huge HIPAA Penalties
Are you a covered entity (CE) or business associate (BA) as defined by HIPAA? There are literally millions of organizations in the U.S. that fall under these definitions, and possibly additional...
Policy Exceptions are NOT a Taylor Swift Song: You can Never, Ever say Never
Over the past few months I’ve been in increasingly more discussions, online and at in-person group meetings, about information security policies and exceptions; often more like venting sessions. A...
How Long is the Liability Tail?
Don’t tell me it depends! Well, sorry, but… I’ve been involved in several interesting discussions (some with lawyers, some with security folks, some with privacy folks, and a few of the folks wearing...
The PHI PII Egg Hunt
Locate it to protect it. I love speaking with folks about privacy, information security and compliance. I am sincerely interested in hearing about their challenges, and then also identifying common...
Good Intentions Often Lead to Bad Privacy Results
Allowing Wall Street privacy law exemption is crazy! Why, you ask? Why, I’m happy to explain. In March, 2012, I wrote “6 Good Reasons NOT To Ask for Facebook Passwords”. Since that time legislation...
Don’t Treat Privacy Breach Victims like a Spurned Lover
A new data breach research report is out, and it is a good read. This is the annual Experian/Ponemon Institute “Is Your Company Ready for a Big Data Breach?” report. I want to focus on one of the...
I See Business Associates…Do You See Yours?
I’m getting a lot of déjà vu vibes lately with the old-ish Bruce Willis movie with the catch phrase “I see dead people.” (Remember that?) Only my twist on this phrase for the past few years is, “I see...
I Don’t Need No Stinkin’ BA Agreement…or Do I?
Last week one of my Compliance Helper clients that is a health insurance company asked me the following question (slightly modified to protect their identity): For the past two years, we have tried to...
Don’t Be Penny Wise and Privacy Foolish
“We Can’t Afford Security and Privacy!” Recently I was speaking to a healthcare executive (a hospital Chief Financial Officer) at a conference where I had talked in one of the sessions about the needs...
Context Determines Privacy Impact
I’ve been getting the following question and comment increasingly more often in the past several months: 1) “If someone’s name and/or address, or any other personal information item, is posted...
You Don’t Attain Your Clients’ Compliance
Someone recently commented that I write a lot of blog posts based on my work and what my clients, students and others I meet at conferences and training classes have said or done. Well, that’s because...
Sales and Marketers: Don’t Diss the Info Sec Pros
This past week one of my marketing friends made a statement I’ve heard far too many sales and marketing folks say over the years. “The IT Security folks don’t have decision-making authority, and they...
When is PHI Not PHI?
The deadline for complying with the Omnibus Rule is quickly approaching. Psst…it’s September 23 for most covered entities (CEs) and business associates (BAs). I’ve been tardy in getting blog posts...
Top 4 Reasons Encryption Is Not Used
Over the past week a few reporters who were following up on a recent breach of 9 million patient records for stories they were writing asked me basically the same question amongst all their others,...
Use Encryption despite Your NSA Snooping Fears
I’ve received numerous questions from various news outlets, clients and colleagues since the published revelation that the NSA was getting the assistance of encryption vendors to decrypt messages...
Ever Feel like Somebody is Watching You? They Are!
“Sometimes I feel like…somebody’s watching me! And I have no privacy!” (The Rockwell hit from…quite appropriately…1984.) Each day, we are tracked by the ‘smart’ systems, mobile apps, personal...
You Must Practice Daily Compliance Hygiene
Compliance, like much of life, takes ongoing effort. Okay, folks. Time for a reality check for what data protection compliance involves. You know what’s often tedious and hard? Well, a lot of things in...
If there’s a Shred of Evidence it’s Not Shredded
“What’s the minimum shred size?” Recently I got a great question from one of my Compliance Helper clients: “This may seem like a silly question, but is there any type of HIPAA compliance requirements...
What You Need to Know for Retention Compliance
One of the things I love about helping all my Compliance Helper (CH) clients with their information security and privacy compliance activities is that they often ask questions that most other small and...
Organizations Need to Use More Than One Type of Encryption
Encryption has been talked about a lot lately. I’ve gotten at least a couple dozen questions from my Compliance Helper clients in the past month. They can pretty much be boiled down to this question:...