If security is done effectively and correctly, this is just silly…
Archive for the ‘Information Security’ Category
CMS Gets Heat Over Not Actively Enforcing HIPAA
Tuesday, November 18th, 2008To date the Centers for Medicare and Medicaid Services (CMS) has not actively pursued HIPAA Security Rule compliance. Instead they have depended upon complaints to drive their investigations. However, as this article nicely points out, depending upon patients and healthcare workers to complain about problems leaves MANY HIPAA non-compliance issues…including significant information security and privacy vulnerabilities…dangerously unknown…
Traveling PII
Monday, November 17th, 2008This is the second week in a row that I’ve been traveling and doing conference sessions, keynotes and my 2-day training class, so I’ve been a bit lax in my blog postings simply because of lack of time.
One of the things I like to do while traveling is to take notes about the many different types of personally identifiable information (PII) I see and hear while traveling. Traveling presents many significant risks to PII and other businss information, and not enough organizations provide training to their personnel to help them understand how to reduce those risks.
Here are a few of my notes from these current two weeks of travel…
Traveling PII
Monday, November 17th, 2008This is the second week in a row that I’ve been traveling and doing conference sessions, keynotes and my 2-day training class, so I’ve been a bit lax in my blog postings simply because of lack of time.
One of the things I like to do while traveling is to take notes about the many different types of personally identifiable information (PII) I see and hear while traveling. Traveling presents many significant risks to PII and other businss information, and not enough organizations provide training to their personnel to help them understand how to reduce those risks.
Here are a few of my notes from these current two weeks of travel…
Email “Hack” Tells University Students & Staff That U.S. President Vote Is “Tomorrow”
Wednesday, November 5th, 2008Here’s another email incident example to add to your files…
Vote! Vote! Vote!
Tuesday, November 4th, 2008Today, at long last, the marathon of a presidential election race is finally almost over. Today…finally…the finally final votes are made for U.S. president. Did I mention finally? The race has been going on for two years here in Iowa.
I voted absentee ballot around 3 – 4 weeks ago; I’m so glad I don’t need to deal with the long lines. But it is *GOOD* for once to see those long lines! More people need to get involved with voting.
Here are a few interesting headlines about voting related (directly or indirectly) with security and/or privacy…
Audit Shows That After 5 Years CMS *STILL* Has No Documented Procedures For Ensuring HIPAA compliance
Thursday, October 30th, 2008This week the Department of Health and Human Services (HHS) Office of Inspector General (OIG) released a very interesting assessment of how well, and how effectively, the Centers for Medicare & Medicaid Services (CMS) was performing their Health Insurance Portability and Accountability Act (HIPAA) oversight responsibilities.
Audit Shows That After 5 Years CMS *STILL* Has No Documented Procedures For Ensuring HIPAA compliance
Thursday, October 30th, 2008This week the Department of Health and Human Services (HHS) Office of Inspector General (OIG) released a very interesting assessment of how well, and how effectively, the Centers for Medicare & Medicaid Services (CMS) was performing their Health Insurance Portability and Accountability Act (HIPAA) oversight responsibilities.
Create A Clear Education Strategy BEFORE Asking Executives for Training and Awareness Support
Wednesday, October 29th, 2008Information security, privacy, and compliance practitioners must obtain the support of executive management to be successful. So how do you do this?
I talk about this in the first section of the first article of my October issue of “IT Compliance in Realtime Journal.”
Here is the unformatted version of the first section of the first article; download the PDF to see a much nicer-looking version…
Web 2.0 Security, Privacy & Policies
Friday, October 24th, 2008Since 2000 I’ve been writing a monthly column for the Computer Security Institute (CSI) Alert publication…
