KPMG HIPAA Auditor Caused a Data Breach

August 9th, 2011

A KPMG auditor caused a breach for New Jersey hospitals because he or she lost an unencrypted flash drive containing over 4,500 patient records.

Cybercriminals Just Came A Callin’ At My House

July 8th, 2011

I just got off a 30-minute call that came unsolicited from a young-sounding man with a very thick Indian accent who, when I asked him his name, said it was Jason Anderson (doesn’t sound like an authentic name of someone from India). He told me he was calling me because there had been a lot of complaints in my area about malicious code damaging operating system software and he wanted to be sure my operating system was not impacted.

UCLA Health System Pays $865K to Settle Celebrity Privacy HIPAA Violations

July 8th, 2011

Here’s yet another HIPAA violations penalty to add to what seems to be a quickly growing list. In this case it was a violation of the minimum necessary access principle, in addition to providing the information to reporters, who then published the information. And, based upon the required actions that go beyond the fine, it is likely that the policies, procedures, training, awareness, and access logging processes were lacking as well.

10 Risk-Reducing Actions for Mobile HIPAA/HITECH Compliance

June 19th, 2011

I’m giving a free webinar sponsored by Sophos this coming Wednesday, June 22: “10 Risk-Reducing Actions for Mobile HIPAA/HITECH Compliance.” Here is more information about it:

Don’t Let School Break Be A Privacy Break-In!

June 3rd, 2011

A couple of days ago I published my monthly Privacy Professor Tips message, “Summer Break-in.” I provide these tips free to anyone who wants to sign up for it on my web site and fills out one of the boxes that says,

Designated Record Sets: Know What They Are! (AD NPRM Discussion #1)

June 2nd, 2011

My last blog post provided a preliminary overview of the Accounting of Disclosures Notice of Proposed Rulemaking (AD NPRM). I got a lot of questions as a result directly, in addition to the blog comments. When trying to understand regulations, and how to put them into practice within an organization, I’ve found it is best to break them down into bite-sized chunks, starting from the basics and building from there. Today I want to spend a little time looking at what makes up a “designated record set,” or DRS, since the access report requirement is specific to accesses to DRSs…

Preliminary Thoughts about the HIPAA Accounting of Disclosures NPRM

May 31st, 2011

On Friday, May 27, 2011, the Department of Health and Human Services (HHS) published the HIPAA Privacy Rule Accounting of Disclosures under the Health Information Technology for Economic and Clinical Health Act Notice of Proposed Rule Making (NPRM). I’m still going through it, but here are my preliminary thoughts…

Physician Learns A Hard PHI Lesson

April 19th, 2011

News broke yesterday about a physician in Rhode Island, at the Westerly Hospital, who was sanctioned for posting protected health information (PHI) on her Facebook page:

Health Net Incident Impacting 1.9 Million: Lessons Learned

April 6th, 2011

Yesterday I provided some thoughts to Howard Anderson at HealthinfoSecurity.com about the recent Health Net incident for his article. Here are some expanded thoughts for his questions…

Legal Requirements for Information Security and Privacy Awareness and Training

March 30th, 2011

Earlier today, following my online seminar, “Effective Training and Awareness: The Key to Information Security Success” (http://gocsi.com/Training2011/OD/Awareness), I received the following question:

Where might I locate a summary breakdown of training regulations by industry? i.e. Pharma