Archive for the ‘Privacy and Compliance’ Category

Podcast: HITECH Act adds new compliance requirements, penalties

Wednesday, May 6th, 2009

Last week I had the pleasure of speaking with Alexander B. Howard at SearchCompliance.com for a 26 minute podcast…

(more…)

IP Addresses Are Considered PII By Some Countries No Matter If U.S. Orgs Like It Or Not

Monday, May 4th, 2009

Today on Twitter, @clarinette02 posted a link to an interesting article, “IP Addresses Are Personal Data, E.U. Regulator Says,” from a little over a year ago…

(more…)

Red Flags Rule Enforcement Delayed to August 1, 2009; FTC Providing a Compliance “Template”

Friday, May 1st, 2009

The FTC has once more announced a delayed enforcement of the Red Flags Rule to August 1, 2009

(more…)

Employee Rights to PII When You Leave Your Employer or Lose Your Job

Wednesday, April 29th, 2009

I often get emails from my blog and Twitter readers, many of whom I have never met before; sometimes several in a day. Many often ask for help that really is a call for free consulting help. Others are quick, short and fast for me to answer. Others are just bizarre. I answer whatever I have time for. I recently got the following question (edited to protect identities), and I think so many folks may be involved in a similar situation with all the continuing job losses that it might be useful to several folks…

(more…)

HIPAA & HITECH Act Sanctions & Penalties

Tuesday, April 28th, 2009

Today I had the great pleasure and opportunity to do a podcast with Alexander Howard over at TechTarget discussing HIPAA and the HITECH Act…

(more…)

2 More Things In History That Could Have Improved Infosec & Privacy

Wednesday, April 22nd, 2009

Late last week I blogged about a question I got while at InfoTec in Omaha last week, “2 Things In Computing History That Could Have Improved Information Security and Privacy“…

(more…)

Breach Notices, Securing PHI & PHR Vendor Responsibilities Under HIPAA/HITECH Act

Tuesday, April 21st, 2009

Last Friday the US Department of Health and Human Services (HHS) released, at the last possible moment to meet their deadline, their interim final regulations to require covered entities (CEs) under the Health Insurance Portability and Accountability Act (HIPAA) and their business associates (BAs) to provide for notification in the case of breaches of unsecured protected health information (PHI) as required by the HITECH Act.
If you’ve read any of the at least 47 U.S. state and territory beach notice laws you will get a strong sense of deja vu while reading this document. They borrowed HEAVILY from the various existing breach notice laws to estblished their proposed definitions of securing PHI, what constitutes a “breach” of PHI, and for doing breach notifications.
There are two major issues…

(more…)

HIPAA Requirements Changes & Business Associates Impacts From HITECH Act

Monday, April 20th, 2009

Last week I engaged in a very interesting tweetversation with David Mortman about when the U.S. Department of Health and Human Services (HHS) needs to get their guidance documents and rules published for the various HITECH Act requirements…

(more…)

HIPAA Requirements Changes & Business Associates Impacts From HITECH Act

Monday, April 20th, 2009

Last week I engaged in a very interesting tweetversation with David Mortman about when the U.S. Department of Health and Human Services (HHS) needs to get their guidance documents and rules published for the various HITECH Act requirements…

(more…)

2 Things In Computing History That Could Have Improved Information Security and Privacy

Friday, April 17th, 2009

This past Wednesday I gave a session at Infosec09 in Omaha, Nebraska.
What a great event and venue! If you get a chance to attend next year, I highly encourage you to do so.

(more…)