Posts Tagged ‘IBM’

Newer Entries »

Back to the Future Security Basics: Security through Obscurity Still Does Not Work

Tuesday, April 17th, 2012

Last week I provided Howard Anderson at HealthInfosecurity.com with some of my thoughts about the recent Utah Department of Health breach of the files of 900,000 individuals, and counting. He included some of my thoughts in his blog post, along with thoughts from others. I wanted to provide my full reply here, along with some expanded thoughts.

As background, for those of you who may not have heard of this hack yet, in a nutshell: (more…)

Tags:, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in BA, CE, healthcare, HIPAA, HITECH, Information Security, Privacy Incidents | No Comments »

6 Good Reasons to De-Identify Data

Friday, March 30th, 2012

De-identification is a great privacy tool for all types of businesses, of all sizes.  If you have personal data that you want to use for research, marketing, testing applications, statistical trending or some other legitimate purpose, but you don’t need to know the specific individuals involved in order to meet your goals, then you should consider de-identifying the personal data.  Even though it sounds complicated there are many good methods you can use to accomplish de-identification.  And the great thing is, (more…)

Tags:, , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in privacy | 2 Comments »

Encryption: Myths and Must Knows

Friday, March 2nd, 2012

I am looking forward to the day when we can look at the news headlines and not see some report about a lost or stolen computing device or storage device that contained unencrypted personal information and/or other sensitive information.  And, I also want to stop seeing stories reappear about such an incident, such as the stolen NASA laptop with the clear text Space Station control codes that was stolen last year, but is making the headlines yet again today.  NASA is a large enough, and tech savvy enough, organization to know better!  However, there are many organizations that simply don’t understand what a valuable information security tool encryption is.   I work with many small to medium sized businesses (SMBs), all of which have legal obligations (such as through HIPAA and HITECH, along with contractual requirements) to protect sensitive information, such as personal information.  Over the past year I’ve heard way too many of them make remarks such as… (more…)

Tags:, , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Information Security | 1 Comment »

Is A W-2 PHI?

Monday, February 27th, 2012

“Is a W-2 form protected health information?” is a simple question with a complex answer that begins (I know, to the nail-biting chagrin of many), “It depends…”

First the full question: (more…)

Tags:, , , , , , , , , , , , , , , , , , ,
Posted in BA, CE, HIPAA, HITECH | No Comments »

Health Net Incident Impacting 1.9 Million: Lessons Learned

Wednesday, April 6th, 2011

Yesterday I provided some thoughts to Howard Anderson at HealthinfoSecurity.com about the recent Health Net incident for his article Here are some expanded thoughts for his questions…

(more…)

Tags:, , , , , , , , , , , , ,
Posted in HIPAA, HITECH | No Comments »

Newer Entries »