Clik here to view.
How Physical Harm Impacts Can Drive Huge HIPAA Penalties
Are you a covered entity (CE) or business associate (BA) as defined by HIPAA? There are literally millions of organizations in the U.S. that fall under these definitions, and possibly additional...
View ArticleClik here to view.
Policy Exceptions are NOT a Taylor Swift Song: You can Never, Ever say Never
Over the past few months I’ve been in increasingly more discussions, online and at in-person group meetings, about information security policies and exceptions; often more like venting sessions. A...
View ArticleClik here to view.
How Long is the Liability Tail?
Don’t tell me it depends! Well, sorry, but… I’ve been involved in several interesting discussions (some with lawyers, some with security folks, some with privacy folks, and a few of the folks wearing...
View ArticleClik here to view.
The PHI PII Egg Hunt
Locate it to protect it I love speaking with folks about privacy, information security and compliance. I am sincerely interested in hearing about their challenges, and then also identifying common...
View ArticleClik here to view.
Good Intentions Often Lead to Bad Privacy Results
Allowing Wall Street privacy law exemption is crazy! Why, you ask? Why, I’m happy to explain. In March, 2012, I wrote “6 Good Reasons NOT To Ask for Facebook Passwords“. Since that time legislation...
View ArticleClik here to view.
Don’t Treat Privacy Breach Victims like a Spurned Lover
A new data breach research report is out, and it is a good read. This is the annual Experian/Ponemon Institute “Is Your Company Ready for a Big Data Breach?” report. I want to focus on one of the...
View ArticleClik here to view.
I See Business Associates…Do You See Yours?
I’m getting a lot of déjà vu vibes lately with the old-ish Bruce Willis movie with the catch phrase “I see dead people.” (Remember that?) Only my twist on this phrase for the past few years is, “I see...
View ArticleClik here to view.
I Don’t Need No Stinkin’ BA Agreement…or Do I?
Last week one of my Compliance Helper clients that is a health insurance company asked me the following question (slightly modified to protect their identity): For the past two years, we have tried to...
View ArticleClik here to view.
Don’t Be Penny Wise and Privacy Foolish
“We Can’t Afford Security and Privacy!” Recently I was speaking to a healthcare executive (a hospital Chief Financial Officer) at a conference where I had talked in one of the sessions about the needs...
View ArticleClik here to view.
Context Determines Privacy Impact
I’ve been getting the following question and comment increasingly more often in the past several months: 1) “If someone’s name and/or address, or any other personal information item, is posted...
View ArticleClik here to view.
You Don’t Attain Your Clients’ Compliance
Someone recently commented that I write a lot of blog posts based on my work and what my clients, students and others I meet at conferences and training classes have said or done. Well, that’s because...
View ArticleClik here to view.
Sales and Marketers: Don’t Diss the Info Sec Pros
This past week one of my marketing friends made a statement I’ve heard far too many sales and marketing folks say over the years. “The IT Security folks don’t have decision-making authority, and they...
View ArticleClik here to view.
When is PHI Not PHI?
The deadline for complying with the Omnibus Rule is quickly approaching. Psst…it’s September 23 for most covered entities (CEs) and business associates (BAs). I’ve been tardy in getting blog posts...
View ArticleClik here to view.
Top 4 Reasons Encryption Is Not Used
Over the past week a few reporters who were following up on a recent breach of 9 million patient records for stories they were writing asked me basically the same question amongst all their others,...
View ArticleClik here to view.
Use Encryption despite Your NSA Snooping Fears
I’ve received numerous questions from various news outlets, clients and colleagues since the published revelation that the NSA was getting the assistance of encryption vendors to decrypt messages...
View ArticleClik here to view.
Ever Feel like Somebody is Watching You? They Are!
“Sometimes I feel like…somebody’s watching me! And I have no privacy!” (The Rockwell hit from…quite appropriately…1984.) Each day, we are tracked by the ‘smart’ systems, mobile apps, personal...
View ArticleClik here to view.
You Must Practice Daily Compliance Hygiene
Compliance, like much of life, takes ongoing effort Okay, folks. Time for a reality check for what data protection compliance involves. You know what’s often tedious and hard? Well, a lot of things in...
View ArticleClik here to view.
If there’s a Shred of Evidence it’s Not Shredded
“What’s the minimum shred size?” Recently I got a great question from one of my Compliance Helper clients: “This may seem like a silly question, but is there any type of HIPAA compliance requirements...
View ArticleClik here to view.
What You Need to Know for Retention Compliance
One of the things I love about helping all my Compliance Helper (CH) clients with their information security and privacy compliance activities is that they often ask questions that most other small and...
View ArticleClik here to view.
Organizations Need to Use More Than One Type of Encryption
Encryption has been talked about a lot lately. I’ve gotten at least a couple dozen questions from my Compliance Helper clients in the past month. They can pretty much be boiled down to this question:...
View Article
