Posts Tagged ‘healthcare’

No Those Messages Will Not Completely Self-Delete

Friday, October 30th, 2015

A childhood friend of mine, who does not have a technology or information security background, recently asked me whether apps that promise that messages, photos, videos, and anything else sent through them will completely disappear can be trusted. She referenced several different proclaimed “disappearing messages” apps that are currently available and asked, “So what do you think of these disappearing apps?  The messages are not really gone?” She is responsible for the care of an adult relative and wanted to communicate with his healthcare providers securely, without any of the communications lingering, and had been using one of these apps. (more…)

The 3 Necessary Elements for Effective Information Security Management

Thursday, December 11th, 2014

Seeing all these really bad information security incidents and privacy breaches, often daily, is so disappointing.  Let’s consider these four in particular.

  1. The Sony hack that seems to continue to get worse as more details are reported.
  2. An ER nurse using the credit cards of patients.
  3. Breaches of Midwest Women’s Healthcare patient records due to poor disposal practices at the Research Hospital.
  4. TD Bank’s outsourced vendor losing two backup tapes containing data about 260,000 of their customers.

And the list could continue for pages.

These incidents, and most others, probably could have been prevented if an effective information security and privacy management program existed that was built around three primary core elements: (more…)

Should You Rush to Execute a BA Agreement Today? Probably Not

Thursday, January 24th, 2013

The final HIPAA “mega rule” is going to be officially published in the Federal Register tomorrow, January 25, 2013.  Currently the version available (https://s3.amazonaws.com/public-inspection.federalregister.gov/2013-01073.pdf) is a “pre-publication” version.

Over the past week I’ve had numerous CEs and BAs contacting me, frantic to change their BA Agreements to “avoid complying with the Mega Rule for another year!” Wait, folks. You are misunderstanding; this is a very specific extension that only applies to the BA Agreements.  Let me explain… (more…)

Health Net Incident Impacting 1.9 Million: Lessons Learned

Wednesday, April 6th, 2011

Yesterday I provided some thoughts to Howard Anderson at HealthinfoSecurity.com about the recent Health Net incident for his article. Here are some expanded thoughts for his questions…

(more…)

HIPAA Compliance Investigations And The Insider Threat

Wednesday, February 2nd, 2011

I’ve been getting a lot more questions about HIPAA and HITECH lately from folks I’ve never met, but who have concerns about the security and privacy of their health information (“protected health information” or “PHI” as referenced within HIPAA/HITECH), businesses that are trying to understand how to protect PHI according to the regulatory requirements, and a growing number who express frustration with the unsecure ways in which clients, customers, patients and business partners are sharing information with them.  There just are not enough hours in the day to answer them all, but I decided I’d start sharing some of the questions, and my corresponding answers, that seem to be topics that a wide range of readers may be interested in.

I was recently contacted by someone who had a question about a recent HIPAA complaint against Rowan Regional Medical Center (more…)

HIPAA/HITECH Final Rule Set To Be Published in March

Tuesday, January 4th, 2011

On December 20, 2010, the U.S. federal government published “Part II: Regulatory Information Service Center: Introduction to The Regulatory Plan and the Unified Agenda of Federal Regulatory and Deregulatory Actions.”  If you are a healthcare Covered Entity (CE), Business Associate (BA) or BA subcontractor, as defined under HIPAA and HITECH, this should be of interest to you.  Why?  Because within it is the long-awaited Department of Health and Human Services (HHS) timeline for when they would publish the final rule of the Notice of Proposed Rule Making (NPRM) that came out in July, 2010.  The date?  Well, (more…)

The Benefits of a Privacy Ombudsman

Wednesday, March 26th, 2008

The folks from Cutter just notified me that an excerpt from a recent article I wrote, “Learning from a Privacy Ombudsman: A Case Study to Establish a Healthcare Services Ombudsman,” will soon be featured in the “Quote of the Day” section of the Cutter Web site.
Here’s the excerpt…

(more…)