Archive for the ‘Privacy and Compliance’ Category

Cloud Computing & Privacy

Monday, November 24th, 2008

While doing some research on cloud computing and considering the privacy and information security implications, I ran across a recent (11/18/2008) report from the Constitution Project, “Liberty and Security: Recommendations for the Next Administration and Congress”.
The following is an excerpt from page 184…

(more…)

France Performing Audits To Check For Spam

Thursday, November 20th, 2008

While doing some research on data protection laws in France, I found it interesting to learn that this past September the French data protection authority (CNIL) started auditing businesses to check for unlawful spam operations.

(more…)

CMS Gets Heat Over Not Actively Enforcing HIPAA

Tuesday, November 18th, 2008

To date the Centers for Medicare and Medicaid Services (CMS) has not actively pursued HIPAA Security Rule compliance. Instead they have depended upon complaints to drive their investigations. However, as this article nicely points out, depending upon patients and healthcare workers to complain about problems leaves MANY HIPAA non-compliance issues…including significant information security and privacy vulnerabilities…dangerously unknown…

(more…)

Traveling PII

Monday, November 17th, 2008

This is the second week in a row that I’ve been traveling and doing conference sessions, keynotes and my 2-day training class, so I’ve been a bit lax in my blog postings simply because of lack of time.
One of the things I like to do while traveling is to take notes about the many different types of personally identifiable information (PII) I see and hear while traveling. Traveling presents many significant risks to PII and other business information, and not enough organizations provide training to their personnel to help them understand how to reduce those risks.
Here are a few of my notes from these current two weeks of travel…

(more…)

Example Of How Many Healthcare Providers Do Not Understand HIPAA

Wednesday, November 12th, 2008

HIPAA is misunderstood by many personnel who work for healthcare providers; probably because they do not receive effective or good training about HIPAA. Here is a good example of how healthcare providers inappropriately withhold information in the name of HIPAA…

(more…)

State of New York Issues Guide For Protecting PII

Thursday, November 6th, 2008

The State of New York just released a general guide to the protection of personally identifiable information (PII)…

(more…)

Vote! Vote! Vote!

Tuesday, November 4th, 2008

Today, at long last, the marathon of a presidential election race is finally almost over. Today…finally…the finally final votes are made for U.S. president. Did I mention finally? The race has been going on for two years here in Iowa.
I voted absentee ballot around 3 – 4 weeks ago; I’m so glad I don’t need to deal with the long lines. But it is *GOOD* for once to see those long lines! More people need to get involved with voting.
Here are a few interesting headlines about voting related (directly or indirectly) to security and/or privacy…

(more…)

Audit Shows That After 5 Years CMS *STILL* Has No Documented Procedures For Ensuring HIPAA compliance

Thursday, October 30th, 2008

This week the Department of Health and Human Services (HHS) Office of Inspector General (OIG) released a very interesting assessment of how well, and how effectively, the Centers for Medicare & Medicaid Services (CMS) was performing their Health Insurance Portability and Accountability Act (HIPAA) oversight responsibilities.

(more…)
