Archive for August, 2013

Top 4 Reasons Encryption Is Not Used

Friday, August 30th, 2013

Over the past week a few reporters who were following up on a recent breach of 9 million patient records for stories they were writing asked me basically the same question amongst all their others, “What are the barriers that stop healthcare organizations from encrypting their devices?” One of the resulting stories, by Marianne McGee, has been posted at HealthCareInfosecurity.  During my work with a wide range of small to large organizations, in a wide range of industries, I’ve found there are some common reasons why encryption is not implemented. Here are the top four I’ve run across. (more…)

When is PHI Not PHI?

Tuesday, August 27th, 2013

The deadline for complying with the Omnibus Rule is quickly approaching. Psst…it’s September 23 for most covered entities (CEs) and business associates (BAs).  I’ve been tardy in getting blog posts made because I’ve been happy to have the opportunity to help my hundreds of Compliance Helper and Privacy Professor clients to get into compliance with all the HIPAA and HITECH rules, many just getting there for the first time, in addition to the Omnibus Rule changes and new requirements. I’ve been getting a lot of HIPAA questions from many of the CEs and BAs. I thought it would be helpful to provide some of them on my blog. I’ll start with an interesting question about (more…)