It is great to see a story published about a hospital, actually any type of organization that is a covered entity (CE), that is actively and seriously trying to be in compliance with HIPAA requirements.
Posts Tagged ‘PII’
A Hospital Actively Enforcing HIPAA Requirements!
Saturday, September 29th, 2007Canadian Privacy Commissioners Release TJX Investigation Report
Tuesday, September 25th, 2007Yesterday the Office of the Privacy Commissioner of Canada and the Office of the Information and Prrivacy Commissioner of Alberta released their “Report of an Investigation into the Security, Collection and Retention of Personal Information” concerning the TJX breach. The investigation was performed to determine if, and if so to what extent, the incident was a violation of Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and/or the Personal Information Protection Act (PIPA).
Security and Privacy Pros Believe…Yes! Privacy Still Does…Or At Least Can…Still Exist!
Monday, September 24th, 2007Last Friday I had the pleasure of discussing the question of, “Do We Have Privacy Anymore” with a group of highly regarded information security and privacy pros, including:
A Military Grade Encrypting Self-Destructing USB Drive Makes A Great Gift!
Saturday, September 22nd, 2007This morning I was doing some of my Christmas gift shopping…yes, I like to get mine done early! 🙂 Any way, I’m thinking about getting an Ironkey encrypted USB drive for some of my relatives who are in dire need of protecting their information better.
New FTC Report Provides Organizations Good Guidance For Protecting PII
Tuesday, September 18th, 2007Today the U.S. Federal Trade Commission (FTC) released a report, “Combating Identity Theft: Implementing a Coordinated Plan.”
Would You Be More Inclined To Work For A Company That Gave You Identity Theft Insurance As A Benefit?
Monday, September 17th, 2007Last year I had a couple of different identity theft insurance vendors contact me wanting me to endorse their products as they were trying to sell the packages to employers to offer to their employees as part of their total benefits packages.
PII for 60,000 Lost In Yet Another Incident: Know How To Address The Risks Involved With Entrusting PII To Business Partners
Thursday, September 13th, 2007Yesterday yet another incident occurred where a business partner / vendor lost the personally identifiable information (PII) for which they had been entrusted. Americhoice sent a CD containing the PII of 67,000 individuals to TennCare via overnight UPS delivery.
The First Ever HIPAA Audit: Where’s The Report? Does It Have Beef?
Wednesday, September 12th, 2007Gosh, I just had a flashback to the “Where’s the Beef” commercial from years ago… 🙂
The U.S. Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule went into effect in April, 2001, and gave covered entities (CEs) two years to get into compliance. The HIPAA Security Rule went into effect in April 2003 and CEs had until April 2005 to get into compliance.
HIPAA & 4 Lessons From an Insider Threat Example: Former Healthcare IT Manager Hacks Into System and Deletes PHI
Monday, September 10th, 2007There are so many ways in which bad things can happen with the authorized access personnel and business partners have to sensitive data, personally identifiable information (PII), and business systems. Many times the bad things that happen are a result of a lack of awareness of how to properly protect information, a result of mistakes, or a result of malicious intent. Here is just one more example to add to your file of actual insider threat incidents.
HIPAA & 4 Lessons From an Insider Threat Example: Former Healthcare IT Manager Hacks Into System and Deletes PHI
Monday, September 10th, 2007There are so many ways in which bad things can happen with the authorized access personnel and business partners have to sensitive data, personally identifiable information (PII), and business systems. Many times the bad things that happen are a result of a lack of awareness of how to properly protect information, a result of mistakes, or a result of malicious intent. Here is just one more example to add to your file of actual insider threat incidents.
