Yesterday the HHS proposed rules that would give patients (and their authorized representatives) direct access to their own laboratory test result reports… (more…)
Archive for the ‘Information Security’ Category
Another HIPAA Proposed Rule: Patients’ Access to Test Reports
Wednesday, September 14th, 2011Request for Your Participation – SHORT Survey #2: Workstation Timeouts and Lost SSO Badges
Friday, September 2nd, 2011I’ve posted the 2nd in a series of SHORT and ANONYMOUS surveys to determine important HIPAA/HITECH compliance activities at hospitals and clinics. However, for this topic it would be good to have all types of organizations/industries participating… (more…)
HIPAA/HITECH Compliance Is All or Nothing
Tuesday, August 16th, 2011I’m seeing growing numbers of business associates, particularly those who do technology-based services, expressing the belief that they don’t need to worry about complying with most of HIPAA. I wrote a guest blog post for Credant about this misguided thinking that was published today. I welcome your feedback!
KPMG HIPAA Auditor Caused a Data Breach
Tuesday, August 9th, 2011A KPMG auditor caused a breach for New Jersey hospitals because he or she lost an unencrypted flash drive containing over 4,500 patient records. (more…)
UCLA Health System Pays $865K to Settle Celebrity Privacy HIPAA Violations
Friday, July 8th, 2011Here’s yet another HIPAA violations penalty to add to what seems to be a quickly growing list. In this case it was a violation of the minimum necessary access principle, in addition to providing the information to reporters, who then published the information. And, it is likely based upon the required actions that go beyond the fine, that the policies, procedures, training, awareness, and access logging processes was lacking as well. (more…)
10 Risk-Reducing Actions for Mobile HIPAA/HITECH Compliance
Sunday, June 19th, 2011I’m giving a free webinar sponsored by Sophos this coming Wednesday, June 22: “10 Risk-Reducing Actions for Mobile HIPAA/HITECH Compliance.” Here is more information about it: (more…)
Don’t Let School Break Be A Privacy Break-In!
Friday, June 3rd, 2011A couple of days ago I published my monthly Privacy Professor Tips message, “Summer Break-in.” I provide these tips free to anyone who wants to sign up for it on my web site and fills out one of the boxes that says, (more…)
Legal Requirements for Information Security and Privacy Awareness and Training
Wednesday, March 30th, 2011Earlier today following my online seminar, “Effective Training and Awareness: The Key to Information Security Success” (http://gocsi.com/Training2011/OD/Awareness), I received the following question:
Where might I locate a summary breakdown of training regulations by industry? i.e. Pharma
Yes, Automating Compliance Activities Can Improve Security…If Done Correctly!
Tuesday, March 8th, 2011I participate in the Focus network and tried to answer the following question from “Caty” on their discussion board:
“How can compliance automation help secure my organization’s IT infrastructure?” Please describe the benefits of compliance automation and discuss how it can be used to secure an organization’s IT infrastructure.
However, after trying to submit my response in around half a dozen ways, I was told my answer was too long. Instead of shaving off some of my content, I decided to post here to my blog, and then point to here from there. Perhaps my other blog readers will be interested in my thoughts on this topic as well.
So, here is my answer… (more…)
