Posts Tagged ‘breach notification’
HIPAA Enforcement Will Improve With OCR Responsible for Both Privacy Rule & Security Rule
Monday, August 3rd, 2009
Today the US Department of Health and Human Services (HHS) announced that the OCR will now be responsible for both the HIPAA Privacy Rule and the Security Rule.
Perhaps this is an indicator of more enforcement to come. As a quick review…
(Lack Of) Encryption Is A Basis For Notification Under The HITECH Act
Friday, July 31st, 2009
This week one of my tweeps asked me the following: “What’s your interpretation of encryption obligations for PHI data-at-rest under HITECH? Many parties are sweating this now.” Great question!
Information Security and Privacy Areas MUST Collaborate For Their Initiatives To Be Effective
Friday, March 14th, 2008
For the past several years I have written often, and given much training, to demonstrate and emphasize the need for information security and privacy areas to collaborate in their efforts. There are just too many topic overlaps between the two areas to NOT work together cooperatively.
Effectively addressing and coordinating Privacy and Information Security initiatives has moved to the top of the list for companies maintaining customer and employee information. However, there are often gaps in communication and collaboration between Privacy and Information Security activities.
What Business Leaders Need to Know About Privacy Breach Notifications
Thursday, March 13th, 2008
The third article in my March e-journal issue of “IT Compliance in Realtime” is “What Business Leaders Need to Know About Privacy Breach Notifications.”
Here it is, unformatted:
The “Reasonable Belief” of a Privacy Breach
Wednesday, March 12th, 2008
The second article in my March e-journal issue of “IT Compliance in Realtime” is “The “Reasonable Belief” of a Privacy Breach.”
Here it is, unformatted: