Posts Tagged ‘audits’
Friday, December 21st, 2012
This week I spoke with a small (~25 employees) organization (a business associate providing services to healthcare providers) that contacted me looking for help; they had purchased a whiz-bang “HIPAA compliance GRC” solution that included, with everything else, information security policies, but they couldn’t make any sense of the policies they were given or how they related to the rest of the expensive GRC tool. Grrr!! There are (more…)
Tags:audit, audits, awareness, BA, breach, business associate, business partner, CE, compliance, covered entity, customers, data protection, e-mail, electronic mail, email, employees, employment, HIPAA, hiring, HITECH, HR, human resources, IBM, Information Security, information technology, infosec, IT security, job applicants, laws, messaging, midmarket, non-compliance, patients, personal information, personally identifiable information, personnel, PII, policies, privacy, privacy breach, privacy professor, privacyprof, procedures, Rebecca Herold, risk, risk assessment, risk management, security, sensitive personal information, SPI, systems security, training, walk through
Posted in BA, CE, HIPAA, Information Security | 1 Comment »
Wednesday, February 25th, 2009
Today I spent a lot of time in phone meetings and doing research. So, instead of focusing on writing about one topic today, here are my tweets I sent out, that cover a wide range of topics…
Tags:audits, awareness and training, hacker, Information Security, IT compliance, IT training, OECD, policies and procedures, privacy training, risk management, security training
Posted in Information Security, Miscellaneous, Privacy and Compliance | No Comments »