Archive for the ‘privacy’ Category

6 Good Reasons to De-Identify Data

Friday, March 30th, 2012

De-identification is a great privacy tool for all types of businesses, of all sizes.  If you have personal data that you want to use for research, marketing, testing applications, statistical trending or some other legitimate purpose, but you don’t need to know the specific individuals involved in order to meet your goals, then you should consider de-identifying the personal data.  Even though it sounds complicated, there are many good methods you can use to accomplish de-identification.  And the great thing is, (more…)

6 Good Reasons NOT To Ask For Facebook Passwords

Friday, March 23rd, 2012

In case you’ve not paid attention to the news in the past week, there has been a barrage of stories (over 1500 turned up in a quick online search) about organizations asking job applicants and employees for their Facebook, Twitter, LinkedIn and other social networking passwords.  It’s a hot topic, folks! I’ve listed a bunch of them at the end of this post.  Compelling password disclosure is a very bad idea for organizations, for many reasons.  Here are six that should be compelling to business management: (more…)

High Tech and Low Tech Continue to Bedevil Info Sec and Privacy Practitioners

Sunday, January 8th, 2012

When looking ahead to what may happen in this new year it is necessary to first look back.  Not only to 2011, but even further back, to help make the best decisions when planning to move forward.  I do a lot of reading, including many mainstream publications written for the general public.  You can see a lot of trends and problems by reading about how the general public is reporting (or not) about them.  I also like to read the various publications specific to information security, privacy, compliance and technology to see the backstories and guts of the problems.  Looking at all such reports helps to provide a more comprehensive view necessary for making good decisions. (more…)

Make Privacy One of Your 2012 Resolutions

Tuesday, January 3rd, 2012

Happy New Year!  I hope your year is starting out great.  Have you made it to day 3 without breaking any of your resolutions?  How about adding one more… (more…)

Do Subpoenas Trump HIPAA and/or Trample Security Of PHI?

Saturday, December 10th, 2011

On October 10, 2011, there was a report in the Baltimore Sun, “Law firm loses hard drive with patient records: Attorneys represent St. Joseph cardiologist sued for malpractice.” I posted about the report to one of the LinkedIn groups I participate in, pointing out that this is yet one more example of (more…)

HIPAA/HITECH Compliance Is All or Nothing

Tuesday, August 16th, 2011

I’m seeing growing numbers of business associates, particularly those who do technology-based services, expressing the belief that they don’t need to worry about complying with most of HIPAA.  I wrote a guest blog post for Credant about this misguided thinking that was published today.  I welcome your feedback!

KPMG HIPAA Auditor Caused a Data Breach

Tuesday, August 9th, 2011

A KPMG auditor caused a breach for New Jersey hospitals because he or she lost an unencrypted flash drive containing over 4,500 patient records. (more…)

UCLA Health System Pays $865K to Settle Celebrity Privacy HIPAA Violations

Friday, July 8th, 2011

Here’s yet another HIPAA violations penalty to add to what seems to be a quickly growing list.  In this case it was a violation of the minimum necessary access principle, in addition to providing the information to reporters, who then published the information.  And it is likely, based upon the required actions that go beyond the fine, that the policies, procedures, training, awareness, and access logging processes were lacking as well. (more…)

10 Risk-Reducing Actions for Mobile HIPAA/HITECH Compliance

Sunday, June 19th, 2011

I’m giving a free webinar sponsored by Sophos this coming Wednesday, June 22: “10 Risk-Reducing Actions for Mobile HIPAA/HITECH Compliance.”   Here is more information about it: (more…)

Don’t Let School Break Be A Privacy Break-In!

Friday, June 3rd, 2011

A couple of days ago I published my monthly Privacy Professor Tips message, “Summer Break-in.”  I provide these tips free to anyone who wants to sign up for them on my web site and fills out one of the boxes that says, (more…)