Posts Tagged ‘Information Security’
Wednesday, May 2nd, 2012
My 12-year-old son said to me yesterday after getting home from school, “Hey, Mommy, did you know that Wal-Mart can tell when you’re pregnant? And so can Target! Even before anyone else knows! They got a girl in trouble when they sent her dad coupons for baby stuff and congratulated her!”
Me, “That’s pretty incredible, isn’t it? Companies are able to discover things like that about people more than ever before through analyzing what is called ‘Big Data’.”
Son, “That’s really creepy. I think you should (more…)
Tags:audit, big data, breach, breach response, change controls, compliance, data analytics, data mining, encryption, IBM, Information Security, information technology, infosec, IT security, midmarket, non-compliance, personal information, personally identifiable information, PII, policies, privacy, privacy breach, privacy professor, privacyprof, protected health information, Rebecca Herold, security, security engineering, sensitive personal information, SPI, systems security, Target, Wal-Mart
Posted in privacy | 1 Comment »
Tuesday, April 17th, 2012
Last week I provided Howard Anderson at HealthInfosecurity.com with some of my thoughts about the recent Utah Department of Health breach of the files of 900,000 individuals, and counting. He included some of my thoughts in his blog post, along with thoughts from others. I wanted to provide my full reply here, along with some expanded thoughts.
As background, for those of you who may not have heard of this hack yet, in a nutshell: (more…)
Tags:audit, breach, breach response, change controls, compliance, DTS, encryption, IBM, Information Security, information technology, infosec, IT security, Medicaid, midmarket, non-compliance, personal information, personally identifiable information, PHI, PII, policies, privacy, privacy breach, privacy professor, privacyprof, protected health information, Rebecca Herold, security, security engineering, sensitive personal information, SPI, systems security, Utah
Posted in BA, CE, healthcare, HIPAA, HITECH, Information Security, Privacy Incidents | No Comments »
Sunday, January 8th, 2012
When looking ahead to what may happen in this new year it is necessary to first look back. Not only to 2011, but when making plans to move forward even further back to help make the best decisions moving forward. I do a lot of reading, including many mainstream publications written for the general public. You can see a lot of trends and problems by reading about how the general public is reporting (or not) about them. I also like to read the various publications specific to information security, privacy, compliance and technology to see the backstories and guts of the problems. Looking at all such reports helps to provide a more comprehensive view necessary for making good decisions. (more…)
Tags:2011, 2012, awareness, cloud computing, compliance, governance, GRC, Information Security, infosec, mobile computing, privacy, privacyprof, Rebecca Herold, security, Smart Grid, Smart Meter, training
Posted in Information Security, mobile computing, privacy | No Comments »
Tuesday, January 3rd, 2012
Happy New Year! I hope your year is starting out great. Have you made it to day 3 without breaking any of your resolutions? How about adding one more… (more…)
Tags:awareness, compliance, education, HIPAA, Information Security, personal information, PHI, PII, privacy, privacyprof, Rebecca Herold, training
Posted in privacy, Training & awareness | No Comments »
Saturday, December 10th, 2011
On October 10, 2011, there was a report in the Baltimore Sun, “Law firm loses hard drive with patient records: Attorneys represent St. Joseph cardiologist sued for malpractice.” I posted about the report to one of the LinkedIn groups I participate in, pointing out that this is yet one more example of (more…)
Tags:BA, Baltimore, business associate, cardiologist, CE, compliance, covered entity, HIPAA, HITECH, hospital, Information Security, lawyer, malpractice, PHI, privacy, privacy breach, Rebecca Herold, St. Joseph, subpoena
Posted in BA, CE, healthcare, HIPAA, HITECH, Information Security, Laws & Regulations, privacy, Privacy and Compliance | 6 Comments »
Friday, July 8th, 2011
I just got off a 30-minute call that came unsolicited from a young-sounding man with a very thick Indian accent who, when I asked him his name, said it was Jason Anderson (doesn’t sound like an authentic name of someone from India). He told me he was calling me because there had been a lot of complaints in my area about malicious code damaging operating system software and he wanted to be sure my operating system was not impacted. (more…)
Tags:cybercrime, cybercriminals, Information Security, phone fraud, scams, social engineering
Posted in Information Security, Miscellaneous, Uncategorized | 11 Comments »
Friday, July 8th, 2011
Here’s yet another HIPAA violations penalty to add to what seems to be a quickly growing list. In this case it was a violation of the minimum necessary access principle, in addition to providing the information to reporters, who then published the information. And, it is likely based upon the required actions that go beyond the fine, that the policies, procedures, training, awareness, and access logging processes was lacking as well. (more…)
Tags:accounting of disclosures, BA, business associates, CE, covered entities, herold, HHS, HIPAA, HITECH, Information Security, notice of proposed rule making, NPRM, OCR, privacy, privacy breach, privacy rule, sanctions, security, security rule, UCLA
Posted in CE, healthcare, HIPAA, HITECH, Information Security, Laws & Regulations, Non-compliance Sanctions Examples, privacy, Privacy and Compliance, Privacy Incidents | 4 Comments »
Sunday, June 19th, 2011
I’m giving a free webinar sponsored by Sophos this coming Wednesday, June 22: “10 Risk-Reducing Actions for Mobile HIPAA/HITECH Compliance.” Here is more information about it: (more…)
Tags:awareness, business associates, compliance, covered entities, HIPAA, HITECH, Information Security, patient information, PHI, privacy, protected health information, Rebecca Herold, risk managements, Sophos, training, wireless security
Posted in BA, CE, healthcare, HIPAA, HITECH, Information Security, Laws & Regulations, mobile computing, privacy, Privacy and Compliance | 1 Comment »
Friday, June 3rd, 2011
A couple of days ago I published my monthly Privacy Professor Tips message, “Summer Break-in.” I provide these tips free to anyone who wants to sign up for it on my web site and fills out one of the boxes that says, (more…)
Tags:awareness, breach, compliance, GLBA, herold, HIPAA, HITECH, incident, Information Security, privacy, privacy professor, privacy training, Rebecca Herold, risk, risk management, security training, training
Posted in Information Security, Laws & Regulations, privacy, Privacy and Compliance, Training & awareness | No Comments »
Thursday, June 2nd, 2011
My last blog post provided a preliminary overview of the Accounting of Disclosures Notice of Proposed Rulemaking (AD NPRM). I got a lot of questions as a result directly, in addition to the blog comments. When trying to understand regulations, and how to put them into practice within an organization, I’ve found it is best to break them down into bite-sized chunks, starting from the basics and building from there. Today I want to spend a little time looking at what makes up a “designated record set,” or DRS, since the access report requirement is specific to accesses to DRS’s… (more…)
Tags:access report, accounting of disclosures, BA, business associates, CE, Compliance Helper, covered entities, designated record set, DRS, herold, HHS, HIPAA, HITECH, Information Security, NCHICA, notice of proposed rule making, NPRM, privacy, privacy rule, security, security rule
Posted in BA, CE, healthcare, HIPAA, HITECH, Laws & Regulations, Privacy and Compliance | 1 Comment »
