Posts Tagged ‘PHR’

4 Privacy Predictions for 2015

Saturday, November 29th, 2014

It is that time of the year again…time for prognostications about the year ahead!

I was asked to provide a few predictions for 2015. Based upon not only what I’ve seen in 2014, but also foreshadowing from the past two-three decades, here are some realistic possibilities.  (more…)

Breach Notices, Securing PHI & PHR Vendor Responsibilities Under HIPAA/HITECH Act

Tuesday, April 21st, 2009

Last Friday the US Department of Health and Human Services (HHS) released, at the last possible moment to meet their deadline, their interim final regulations to require covered entities (CEs) under the Health Insurance Portability and Accountability Act (HIPAA) and their business associates (BAs) to provide for notification in the case of breaches of unsecured protected health information (PHI) as required by the HITECH Act.
If you’ve read any of the at least 47 U.S. state and territory beach notice laws you will get a strong sense of deja vu while reading this document. They borrowed HEAVILY from the various existing breach notice laws to estblished their proposed definitions of securing PHI, what constitutes a “breach” of PHI, and for doing breach notifications.
There are two major issues…


New HHS Guidance States HIPAA Does Not Apply To PHRs

Sunday, December 28th, 2008

I hope you are all having a wonderful holiday season! I hadn’t planned to take the past few days off from blogging, but something like the flu (probably the flu) hit me like a bag of bricks on Christmas day and I’ve been curled in a fetal position in my bed for the past few days. Oddly enough while laying there feeling like my bones were all slowly dissolving (and thinking about the types of body braces you’d need to create to deal with something like that!) I was also thinking about how silly it was for the Health Insurance Portability and Accountability Act (HIPAA; and any industry-specific data protection law) to define that the only organization’s that would legally need to safeguard protected health information (PHI) are the narrowly defined covered entities (CEs); healthcare providers, healthcare insurers and healthcare clearinghouses.


Confusing Folks: PHR, PHI, PII, NPPI, and Dozens of Other Acronyms…It’s Still All Personal Information

Wednesday, July 25th, 2007

I really enjoy reading survey results. I can’t help myself. Whether the surveys are well-done, sloppy, long, short, statistically accurate or obviously statistically invalid, I still find them interesting. Especially when they cover what the general public and non-IT/non-infosec person thinks or knows about information security and privacy, or some industry-specific issue.