Archive for November, 2007
Monday, November 19th, 2007
I got some interesting comments and questions, and lots of good direct feedback, about my blog post on sending cleartext patient information last week, “HIPAA: Beware Doctors Who Claim They Don’t Have To Follow Safeguard and Privacy Requirements” so I wanted to take this opportunity to discuss the topic a little more.
(more…)
Tags:awareness and training, email security, encryption, Health Insurance Portability and Accountability Act, HIPAA, IM security, Information Security, instant messaging, IT compliance, patient privacy, policies and procedures, privacy, risk management, security risk, security training
Posted in Information Security, Laws & Regulations, Privacy and Compliance | No Comments »
Monday, November 19th, 2007
I got some interesting comments and questions, and lots of good direct feedback, about my blog post on sending cleartext patient information last week, “HIPAA: Beware Doctors Who Claim They Don’t Have To Follow Safeguard and Privacy Requirements” so I wanted to take this opportunity to discuss the topic a little more.
(more…)
Tags:awareness and training, email security, encryption, Health Insurance Portability and Accountability Act, HIPAA, IM security, Information Security, instant messaging, IT compliance, patient privacy, policies and procedures, privacy, risk management, security risk, security training
Posted in Information Security, Laws & Regulations, Privacy and Compliance | No Comments »
Sunday, November 18th, 2007
Early this year I did a data flow analysis for I-9 compliance, and I blogged a few months ago about I-9 related issues in “New Tennessee Law Prohibits Using Federal Individual Taxpayer ID as Proof of Immigration Status.”
I-9 compliance issues impact many areas of an organization. However, within most organizations many areas, such as IT and information security, are not aware of the I-9 compliance issues and unknowingly put the company at noncompliance jeopardy. Compliance with any law or regulation that involves personally identifiable information (PII) usually require the involvement of legal, IT and information security areas.
(more…)
Tags:awareness and training, DHS, employment issues, I-9 forms, Illegal Immigration Reform and Immigrant Responsibility Act of 1996, Information Security, IT compliance, policies and procedures, privacy, risk management, security risk, security training, social security numbers, SSN, U.S. Citizenship and Immigration Services
Posted in Laws & Regulations | 1 Comment »
Sunday, November 18th, 2007
Early this year I did a data flow analysis for I-9 compliance, and I blogged a few months ago about I-9 related issues in “New Tennessee Law Prohibits Using Federal Individual Taxpayer ID as Proof of Immigration Status.”
I-9 compliance issues impact many areas of an organization. However, within most organizations many areas, such as IT and information security, are not aware of the I-9 compliance issues and unknowingly put the company at noncompliance jeopardy. Compliance with any law or regulation that involves personally identifiable information (PII) usually require the involvement of legal, IT and information security areas.
(more…)
Tags:awareness and training, DHS, employment issues, I-9 forms, Illegal Immigration Reform and Immigrant Responsibility Act of 1996, Information Security, IT compliance, policies and procedures, privacy, risk management, security risk, security training, social security numbers, SSN, U.S. Citizenship and Immigration Services
Posted in Laws & Regulations | 3 Comments »
Saturday, November 17th, 2007
Last night on the drive into town to my 8-year-old son’s basketball practice we were on a heavily trafficked city interstate around 5:15pm…rush hour and happy hour drivers were everywhere with bumber-to-bumper vehicles across 4 lanes. I was sitting in the passenger side, and I saw a large truck in front of us. As we pulled alongside I saw “Microsoft” boldly painted on the truck cargo area.
(more…)
Tags:awareness and training, Bill Gates, Microsoft, risk management
Posted in Miscellaneous | 5 Comments »
Friday, November 16th, 2007
As I was reading this week’s issue of Time magazine I found a backup lesson given by Francis Ford Coppola!
(more…)
Tags:awareness and training, backup, disaster recovery, Francis Ford Coppola, Information Security, IT compliance, policies and procedures, privacy, risk management, security risk, security training
Posted in Information Security | No Comments »
Thursday, November 15th, 2007
Tags:awareness and training, encryption, Health Insurance Portability and Accountability Act, HIPAA, Information Security, IT compliance, patient privacy, policies and procedures, privacy, risk management, security risk, security training
Posted in Information Security, Privacy and Compliance | 6 Comments »
Wednesday, November 14th, 2007
Tags:awareness and training, Daniel A. Green, Department of Labor, Information Security, International Trade Commission, IT compliance, Office of Personnel Management, policies and procedures, privacy, remote computing, risk management, security training, teleworking, Veterans Affairs
Posted in government, Information Security, Privacy and Compliance | No Comments »
Monday, November 12th, 2007
I found a report yesterday, “Intelligence deputy to America: Rethink privacy” quite interesting. The impact on privacy…the actual definition, not the definition Donald Kerr, the principal deputy director of national intelligence, thinks it should be…would not only be a huge step backward for the country, but it would also increase the threats to personally identifiable information (PII) exponentially.
(more…)
Tags:awareness and training, Donald Kerr, FISA, Foreign Intelligence Surveillance Act, Information Security, IT compliance, national intelligence, policies and procedures, privacy, privacy training, risk management, security training
Posted in government, Privacy and Compliance | No Comments »
Sunday, November 11th, 2007
I just read about a French Supreme Court decision made on October 10 (you can see a Google English rough translation of it here) that is significant to organizations who have employees in France, or anywhere worldwide for that matter, and the organization’s employee monitoring practices.
(more…)
Tags:awareness and training, court decision, employee monitoring, French Supreme Court, Information Security, IT compliance, logging, monitoring, policies and procedures, privacy, privacy training, risk management, security training
Posted in government, Laws & Regulations, Privacy and Compliance | No Comments »
