Yesterday the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) posted a new HIPAA frequently asked question (FAQ) to their site; a great question that many organizations do not even consider until after the fact…
Posts Tagged ‘policies and procedures’
HIPAA Compliance During Emergencies and Disasters
Tuesday, October 7th, 2008Information Security and Privacy Convergence and Collaboration
Monday, October 6th, 2008Effectively addressing and coordinating privacy and information security initiatives has moved to the top of the list for companies maintaining customer and employee information. However, there are often gaps in communication and collaboration between Privacy and Information Security activities.
These gaps create more complexity and bigger challenges for companies to handle, as well as putting the organization at greater risk for incidents, along with contractual and regulatory noncompliance.
Do Your Legal Contracts Conflict with Your Web Site Privacy Policy?
Friday, October 3rd, 2008Over the years I’ve found while doing website privacy policy reviews and gap analyses that a large portion of organizations make promises within their posted web site privacy policies that they do not support by internal procedures, and that they do not provide internal personnel training and awareness communications for; a huge risk!
I’ve also found that many organizations have online contracts for their web site customers that are in conflict with their posted privacy policies.
Are the Terms of Your Legal Contracts Enforceable?
Wednesday, October 1st, 2008Most web sites have some type of legal contract that is presented to site visitors for any number of reasons. Do your web site visitors actually read them? It probably depends upon how the contracts are presented to the web site visitors, and how the wording is constructed.
Are the contracts written clearly? Or, could they be interpreted in multiple ways? Or trick people into thinking they are agreeing to something other than what the legalese is trying to obligate them to agree to?
Do Your Legal Contracts Trick Web Site Visitors into Installing Spyware?
Tuesday, September 30th, 2008Over the past few years I’ve done a lot of research and reviewed a lot of privacy policies, and it’s really been amazing to see how the wording in many of them are not providing any privacy protections to website visitors or customers at all! In fact, some of them are downright tricking people into agreeing to share their personally identifiable information (PII) having software installed on their computers that they probably really do not want to have…
PII Encryption Required by New Massachusetts and Nevada Laws
Monday, September 29th, 2008There is a growing trend in laws that require personally identifiable information (PII) to be encrypted.
Encryption in past laws have been directed to be considered based upon risk, but now they are more explicitly required in some laws.
Privacy as a Competitive Edge
Thursday, September 25th, 2008I discuss how privacy is a competitive edge for business in the next section from my article, “How to Use Privacy as a Business Differentiator” within my September issue of IT Compliance in Realtime Journal.
Download the PDF for a much nicer looking version…
Privacy As A Business Differentiator
Wednesday, September 24th, 2008Should you be concerned about maintaining the privacy of the personally identifiable information (PII) with which you’ve been entrusted…from your customers, employees and others…only because of the growing numbers of laws that require you to be concerned?
Do you do nothing with regard to privacy protections if you are not compelled by laws because you want to save the money it would take to put the protections in place?
“Doing Well by Doing Good”
Tuesday, September 23rd, 2008Here’s the next section from my article, “How to Use Privacy as a Business Differentiator” within my September issue of IT Compliance in Realtime Journal.
Download the PDF for a much nicer looking version…
New HHS Guides For HIPAA Privacy Rule
Monday, September 22nd, 2008Did you see that the Department of Health and Human Services (HHS) released some new guidance documents for the Healthcare Portability and Accountability Act (HIPAA) Privacy Rule compliance activities on September 17?
I need to go through them more thoroughly, but upon a quick scan they look like they contain some pretty good, and interesting, guidance information for both patients and healthcare providers…
