CMS Gets Heat Over Not Actively Enforcing HIPAA

November 18th, 2008

To date the Centers for Medicare and Medicaid Services (CMS) has not actively pursued HIPAA Security Rule compliance. Instead they have depended upon complaints to drive their investigations. However, as this article nicely points out, depending upon patients and healthcare workers to complain about problems leaves MANY HIPAA non-compliance issues…including significant information security and privacy vulnerabilities…dangerously unknown…

Traveling PII

November 17th, 2008

This is the second week in a row that I’ve been traveling and doing conference sessions, keynotes and my 2-day training class, so I’ve been a bit lax in my blog postings simply because of lack of time.
One of the things I like to do while traveling is to take notes about the many different types of personally identifiable information (PII) I see and hear while traveling. Traveling presents many significant risks to PII and other business information, and not enough organizations provide training to their personnel to help them understand how to reduce those risks.
Here are a few of my notes from these current two weeks of travel…

Example Of How Many Healthcare Providers Do Not Understand HIPAA

November 12th, 2008

HIPAA is misunderstood by many personnel who work for healthcare providers, probably because they do not receive effective or good training about HIPAA. Here is a good example of how healthcare providers inappropriately withhold information in the name of HIPAA…

U.S. Do Not Call Registry Accuracy

November 11th, 2008

The “Do-Not-Call Improvement Act of 2007 Report to Congress: Regarding the Accuracy of the Do Not Call Registry” was just released a few days ago.
I found the following excerpt interesting…

FTC Applies GLBA & FTC Act Sanctions To Mortgage Lender

November 10th, 2008

I anticipate that with the big $700 billion “rescue” plan the government is going to continue the increased compliance activities…

Cybercriminals Threaten To Post Millions Of PII Records For Express Scripts Customers

November 7th, 2008

Just last month I blogged about the new Identity Theft Enforcement and Restitution Act of 2008. It covers extortion. I’m interested to see if it gets used for the latest extortion attempt…

State of New York Issues Guide For Protecting PII

November 6th, 2008

The State of New York just released a general guide to the protection of personally identifiable information (PII)…

A Couple More Voting Problems

November 5th, 2008

Yesterday I posted about voting security and privacy issues…

Email “Hack” Tells University Students & Staff That U.S. President Vote Is “Tomorrow”

November 5th, 2008

Here’s another email incident example to add to your files…
