In November, some of my friends contacted me, saying they thought I did a pretty good job with my 2015 predictions, and wanted to know what I am predicting for 2016. So here are some good possibilities for the year to come, along with a rewind to see how close I hit the 2015 predictions. (more…)
Posts Tagged ‘HIPAA’
How well do you think your patient data, wherever it is located, is being secured? How well do you think your healthcare providers (doctors, nurses, hospitals, clinics, etc.) and health insurance companies are securing your patient information?
The fact is, with the increasing occurrences of patient data breaches, and more use of patient data for purposes beyond the provision of healthcare, most people are worried about patient data security. (more…)
Yesterday I read a news story about how a woman, Mrs. Anita Chanko, saw an episode of the Dr. Oz show “NY Med” that included video of her husband, who had died 16 months earlier, in the hospital receiving care after being hit by a truck while crossing the street. She did not know that such a video even existed.
The picture was blurred, but the woman knew it was her recently deceased husband because she recognized his voice when he spoke, the conversation topic, the hospital where the care was occurring, along with other visual indicators. She heard her husband ask about his wife; her. She then watched his last moments of life, and then his death on television. (more…)
Too many businesses have poor information security controls in place (e.g,. demonstrably Sony, Staples, and a seemingly infinite number of other companies) and are basically giving their intellectual property, and the personal information they are responsible for, away.
Once or twice a week I get a question from an organization that is considered to be a healthcare covered entity (CE) or business associate (BA) under HIPAA (a U.S. regulation) asking about the types of information that is considered to be protected health information (PHI). Last week a medical devices manufacturer, that is also a BA, asked about this. I think it is a good time to post about this topic again.
If information can be (more…)
The day before Thanksgiving here in the U.S. I had the great pleasure of speaking with a couple of consumate information security experts from across the pond in England and Norway, Kai Roer and Mo Amin, on an episode of their Security Culture TV! We chatted about how to get folks to be more aware of privacy risks, and how to change their mindset to a more privacy proactive stance. You can see this episode here.
When you look at recent breaches, it is clear that awareness of information security and privacy risks, and how to mitigate them, is not getting the attention necessary by leaders of organizations. Why else would (more…)
Earlier this year after a session I gave at a conference, an attendee who was new to information security, and had just been assigned this responsibility at a mid-sized organization in the healthcare industry, asked if he could visit with me for a while about risk management. Well, of course! During the course of our conversation I learned that he had gotten some very bad advice about risk management in general, and risk assessments in particular. I know from reading various comments throughout the social media discussion sites that bad advice is becoming far too common, with many (more…)
October is National Cyber Security Awareness Month. It would seem the breaches announced virtually every day of this month so far were orchestrated to highlight the need for organizations to beef up their information security efforts and improve their controls.
Sadly instead, cyber incidents seem to have become de rigueur these days. Consumers are getting fed up, and government agencies are proposing more laws. The tide is turning, and soon organizations will be held accountable for more effectively protecting their systems and information, or they will likely face much steeper fines and penalties than ever before. So, now’s the time to take action! Here are six actions you to take this month to start improving your organization’s information security program and associated efforts. (more…)
In the past couple of weeks I’ve spoken with five different small to mid-size organizations who have had a software or hardware vendor basically tell them, “Our product is HIPAA compliant! Use it and you will also be fully HIPAA compliant!” How can that be? In three words; it can’t be. Here’s what is most likely going on with those claims. (more…)