Posts Tagged ‘Information Security’

« Older Entries
Newer Entries »

More On The HHS HIPAA Compliance Activities

Friday, May 23rd, 2008

Today I communicated with Sue Marquette Poremba at SC Magazine for an article she published this afternoon, “Proliferating HIPAA complaints and medical record breaches
She had seen my blog posting from yesterday, “HIPAA Complaints And Associated Resolutions Since 2003” and asked me some follow-up questions.
Here is the full reply I sent to her, much of which she used within her article, but with some other points I want to note as well…

(more…)

Tags:, , , , , , , , , , , , , , , ,
Posted in Laws & Regulations | No Comments »

HIPAA Complaints And Associated Resolutions Since 2003

Thursday, May 22nd, 2008

The U.S. Health Insurance Portability and Accountability Act (HIPAA) has required compliance from covered entities (CEs) since 2003. The Department of Health and Human Services (HHS) is the Federal agency with regulatory oversight for compliance; with the Office of Civil Rights (OCR) responsible for Privacy Rule enforcement and the Centers for Medicare and Medicaid Services (CMS) responsible for Security Rule enforcement. Why two different offices to perform enforcement activities? No good reason was ever given.
I was just out looking on the HHS’s HIPAA compliance and enforcement site.
On May 12, 2008, they provided some interesting statistics from their enforcement activities from the past 5 years. Looks like they love Excel and the graphing capabilities! 🙂 I want to share some of the statistics with you…

(more…)

Tags:, , , , , , , , , , , , , , ,
Posted in Laws & Regulations | No Comments »

45 U.S. Breach Notice Laws…And Still Counting

Wednesday, May 21st, 2008

Yesterday I posted a link to my quick reference list of breach notice laws.
I created that document at the beginning of this month, and Doug Markiewicz told me today in a comment to that post that there are two additional laws, one signed since I created my most recent list; thanks Doug!

(more…)

Tags:, , , , , , , ,
Posted in Laws & Regulations | No Comments »

43 U.S. Breach Notice Laws…And Counting

Tuesday, May 20th, 2008

There are currently 43 breach response laws in the U.S.; this includes the District of Columbia and Puerto Rico.

(more…)

Tags:, , , , , , , ,
Posted in Laws & Regulations | 5 Comments »

Do Your Terms Of Use Try To Gut Your Privacy Policy Promises?

Sunday, May 18th, 2008

I see a growing trend in organizations trying to gut the promises made in their website privacy policies through sneaky wording they place in their rarely read “Terms of Use” statements.
Over the past few months I have heard from some CISOs and CPOs who are concerned at some of the wording that their legal counsels are suggesting they put on their web sites. And rightly so. Why? Because the considered “Terms of Use” statements seem to be, 1) trying to eliminate all liability to the organization for anything bad that happens to the personally identifiable information (PII) submitted to or accessed from the site; 2) basically nullifying the posted privacy policy; and 3) trying to require the website user to agree to these terms just by using the site…no active acknowledgment or agreement necessary.
Here is a composite from around half of a dozen of these worrisome passages from the considered drafted Terms of Use statements that I’ve seen…

(more…)

Tags:, , , , , , , , , , , ,
Posted in Privacy and Compliance | No Comments »

SEC Regulation S-P Proposals To Improve The Security Of Customer Information Within Brokerage Shops

Friday, May 16th, 2008

Do you work for a brokage house, have a subsidiary that is a brokerage house, or do any type of work with a brokerage house? If so, then you should be aware of the Securities and Exchange Commission (SEC) proposed changes to Regulation S-P in March of this year.
In general, the proposed amendments to Regulation S-P…

(more…)

Tags:, , , , , , , , , , ,
Posted in Laws & Regulations, Privacy and Compliance | No Comments »

CAN-SPAM: Record Judgment Along With Updated Rules

Thursday, May 15th, 2008

I was at the Secure360 conference (a fabulous event, btw) this week, and I’m just getting to an important current topic: CAN-SPAM.
On Monday (5/12) the FTC announced an update to the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM) law.

(more…)

Tags:, , , , , , , , , , ,
Posted in Laws & Regulations | No Comments »

Addressing the Insider Threat

Tuesday, May 13th, 2008

My May issue of “IT Compliance in Realtime” is now available!
The first article I have within this issue is, “Addressing the Insider Threat.”
Here is the unformatted text of the article; download the PDF to get the much nicer, prettier, formatted version…

(more…)

Tags:, , , , , , , ,
Posted in Information Security, Privacy Incidents | No Comments »

At the Secure 360 Conference

Monday, May 12th, 2008

Tomorrow and Wednesday I’m doing some sessions at the Secure 360 conference in St. Paul, Minnesota. I’m really looking forward to also seeing the other sessions while here (yes, I’ve arrived and getting some work done in my room)!

(more…)

Tags:, , , , , , , , , , , , ,
Posted in Information Security, Privacy and Compliance | 2 Comments »

Happy Mother’s Day!

Sunday, May 11th, 2008

Happy Mother’s Day! It was a gorgeous day here in central Iowa! I did business work all morning, but then took off at 3:00pm, went out with my family to a restaurant we all love, and then did some gardening; tomatoes, turnips, watermelon, peppers, pumpkins, sunflowers and sweet corn this year…plus a few pretty assorted annuals! The fruit trees, red buds, crab apple trees, Russian olives, and wigelias are all in full bloom right now…and the scent of the breeze is spectacular! 🙂
In honor of Mother’s Day I quickly scanned the news and blog sites to see what types of interesting information I could find relating to mother’s day and privacy. I didn’t find much, but here is a bit of what I found…

(more…)

Tags:, , , , , , , , , , ,
Posted in Miscellaneous | No Comments »

« Older Entries
Newer Entries »