Over the past week, a few reporters who were following up on a recent breach of 9 million patient records asked me basically the same question, among all their others: “What are the barriers that stop healthcare organizations from encrypting their devices?” One of the resulting stories, by Marianne McGee, has been posted at HealthCareInfosecurity. In my work with small to large organizations across a wide range of industries, I’ve found some common reasons why encryption is not implemented. Here are the top four I’ve run across.
Archive for August, 2013
Top 4 Reasons Encryption Is Not Used
Friday, August 30th, 2013
When is PHI Not PHI?
Tuesday, August 27th, 2013
The deadline for complying with the Omnibus Rule is quickly approaching. Psst…it’s September 23 for most covered entities (CEs) and business associates (BAs). I’ve been tardy in getting blog posts made because I’ve been happy to have the opportunity to help my hundreds of Compliance Helper and Privacy Professor clients to get into compliance with all the HIPAA and HITECH rules, many just getting there for the first time, in addition to the Omnibus Rule changes and new requirements. I’ve been getting a lot of HIPAA questions from many of the CEs and BAs. I thought it would be helpful to provide some of them on my blog. I’ll start with an interesting question about …