Posts Tagged ‘PII’

A Stolen Health Insurer’s Laptop With PII Is Not Necessarily A HIPAA Violation

Wednesday, January 30th, 2008

While scanning the news blurb summaries today, the statement, “This is a violation of HIPAA.” caught my eye. Hmm…let’s see what this is about…
This statement was actually within the reader comments to the story, “Blue Cross reports theft of computer.”

Social Engineering Schemes Increase: Great Case Study From An Actual Event

Tuesday, January 22nd, 2008

Last month I finished the second issue of my Protecting Information publication and the topic couldn’t be more timely: social engineering.
Just today I have already read in my daily news items 5 articles about social engineering! One in particular, “CUNA Mutual Warns on Costly HELOC Scam,” provides not only a great example of a current social engineering scam, but it would also make a great case study for social engineering training and within your awareness communications and activities. Here’s a quick overview…

CMS Announces Plans To Actively Audit Hospitals For HIPAA Compliance

Monday, January 21st, 2008

The U.S. Centers for Medicare and Medicaid Services (CMS) announced last week that they plan to audit 10 – 20 hospitals for HIPAA compliance in the next 9 months according to a Government Health IT article.

CMS Hires A Fox To Guard The HIPAA Henhouse

Tuesday, January 15th, 2008

I just read a very interesting article, “CMS’ HIPAA watchdog presents potential conflict” that made me go Hmmm!!
The genesis of the article is that the Centers for Medicare and Medicaid Services (CMS), the agency that is responsible for the Health Insurance Portability and Accountability Act (HIPAA) oversight and compliance enforcement, has contracted PricewaterhouseCoopers (PwC) to perform HIPAA Security Rule compliance audits during 2008.

Insider Threat Example: Programmer Sentenced To 30 Months In Jail And $81,200 Fine

Sunday, January 13th, 2008

Here’s a case I blogged about almost exactly a year ago, but it is worth revisiting since the sentencing for the crime was just handed down and it was significant. If you haven’t already, put this in your file of actual examples to incorporate into your information security and privacy awareness and training activities and content.
On January 8 a federal court in Newark, New Jersey, sentenced Yung-Hsun “Andy” Lin, a former systems administrator for Medco Health Solutions Inc., to 30 months in prison for transmitting computer code intended to wipe out data stored on Medco’s network, composed of more than 70 servers.

Terrorists Over 50 Don’t Fly According To The DHS

Friday, January 11th, 2008

I just read this and found the implication that folks over 50 years of age are not terrorist threats rather odd.
Today the U.S. Department of Homeland Security released some new rules related to REAL ID.

13 Minnesota Students Disciplined For Facebook Photos

Friday, January 11th, 2008

I’ve blogged several times, such as here, here and here, about how information posted to the Internet, such as on Facebook and other social networking sites, cannot be considered private or secure, has been used to make hiring and firing decisions, and has impacted lives in other ways.
Well, now information posted to social networking sites is being used by schools.

Egregious Privacy Infringement: Fire Chief Emails Photo Of Topless Crash Victim

Tuesday, January 8th, 2008

Here is an example of how personnel can take photos and videos and completely invade the privacy of others, particularly those who have no voice to say stop.
A Central Florida fire chief will likely lose his job for widely emailing photos from a crash scene of a female victim that included a view of her exposed breasts as paramedics were attending to her.

UK Imposes Record Fine of $2.54 Million Against Life Insurance Company For Poor Information Security & Privacy Practices

Sunday, December 30th, 2007

On December 17, 2007 the United Kingdom Financial Services Authority (FSA) fined Norwich Union Life £1.26 million ($2.54 million) for poor information security, privacy and anti-fraud mitigation systems and controls.

Responding To Customers Asking About Your Company’s Use of SSNs

Wednesday, December 19th, 2007

For the past 10 years I have been driving the same, reliable, non-troublesome car. It still looks good enough (I don’t really worry about driving an “it” kind of car). However, it is getting a bit rattly, and my friends have been increasingly giving me a hard time about continuing to drive it past the 200,000 mile mark. I never really cared much until my starter went out a couple of months ago. I wondered, what if this had happened to me while I was in a neighboring state at a client site? Sure, I have AAA, but it would still be a hassle. So, I decided if I saw a car I really liked and that had all the features I wanted, I would splurge and get a new car.
Well…I just happened to find a car I absolutely loved after seeing and driving it. I was at the dealer paying for it yesterday, and the sales person asked for my Social Security Number (SSN).
