On July 9, 2009 the Missouri governor signed House Bill No. 62 into law, and it included section 407.1500, which is the requirement for giving privacy breach notice.
Since I’m focusing this week on encryption laws, I want to take a moment and point out the horrible way in which encryption is defined within this new Missouri law..
Posts Tagged ‘HIPAA’
New MO Breach Notice Law: Encryption Safe Harbor? Yes. Encryption Def Good? No!
Wednesday, July 22nd, 2009Has Massachusetts Encryption Law Stopped It’s Evolution?
Monday, July 20th, 2009This week I want to take a look at encryption laws. Only a few short years ago no law or regulation really had explicit encryption requirements. HIPAA, passed in 1996 with effective compliance deadline requirements in 2003 (Privacy Rule) and 2005 (Security Rule) included withint the Security Rule that encryption was “addressable” based upon the results of risk assessment.
However, encryption became a more hotly debated topic with the more recent Massachusetts and Nevada laws that explicitly require organizations to encrypt personally identifiable information (PII). Now the question of whether or not the Massachusetts law will indeed be enforced upon the current compliance date of January 1, 2010 is once more in the news…
What is PII? How About “Publicly Available” Info?
Thursday, July 16th, 2009There is much debate about what specific types of items should be considered as personally identifiable information (PII). A common topic of debate is; if information can be found publicly does that mean it is not PII?
What is PII? How About Groups Of Otherwise Non-PII?
Wednesday, July 15th, 2009I want to continue my look at the concept of personally identifiable information (PII), and what types of items, in particular, are considered as such…
What is PII? How About IP Addresses?
Monday, July 13th, 2009This week I want to look at the concept of personally identifiable information (PII), and what types of items, in particular, are considered as such…
Healthcare Worker Gets 1 Year In Prison For Posting HIV Victim’s Medical Records On Internet
Wednesday, June 10th, 2009Today a report discussed how a healthcare worker obtained medical information about a patient with HIV that was then posted on the Internet…
HIPAA, HITECH Act and Disposal Problems
Thursday, May 21st, 2009Here’s yet another incident that provides very good lessons that could be incorporated into information security and privacy training sessions as a case study, particularly for HIPAA compliance as well as secure disposal training…
HITECH Act does *NOT* make HIPAA, or HIPAA advice, “obsolete”!
Monday, May 18th, 2009A couple of weeks ago I was surprised and concerned by a statement made in one of my many listservs by a lawyer commenting on HIPAA books and past advice given for HIPAA compliance…
Podcast: HITECH Act adds new compliance requirements, penalties
Wednesday, May 6th, 2009Last week I had the pleasure of speaking with Alexander B. Howard at SearchCompliance.com for a 26 minute podcast…
HIPAA & HITECH Act Sanctions & Penalties
Tuesday, April 28th, 2009Today I had the great pleasure and opportunity to do a podcast with Alexander Howard over at TechTarget discussing HIPAA and the HITECH Act…
