Posts Tagged ‘policies and procedures’

7 More Reasons Why Sending Cleartext IM and Email Is *NOT* Secure Even If Your Doc Says It Is…Part 2

Wednesday, November 21st, 2007

As a continuation of my blog posting from Monday, here are 7 additional reasons to add to the previous 4 for why sending cleartext instant messages (IMs) and email is not secure:

(more…)

Sending Cleartext IM and Email Is *NOT* Secure Even If Your Doc Says It Is…Part 1

Monday, November 19th, 2007

I got some interesting comments and questions, and lots of good direct feedback, about my blog post on sending cleartext patient information last week, “HIPAA: Beware Doctors Who Claim They Don’t Have To Follow Safeguard and Privacy Requirements” so I wanted to take this opportunity to discuss the topic a little more.

(more…)

Sending Cleartext IM and Email Is *NOT* Secure Even If Your Doc Says It Is…Part 1

Monday, November 19th, 2007

I got some interesting comments and questions, and lots of good direct feedback, about my blog post on sending cleartext patient information last week, “HIPAA: Beware Doctors Who Claim They Don’t Have To Follow Safeguard and Privacy Requirements” so I wanted to take this opportunity to discuss the topic a little more.

(more…)

Personnel Privacy, New I-9 Forms, Removal of SSN Requirements and IT Involvement

Sunday, November 18th, 2007

Early this year I did a data flow analysis for I-9 compliance, and I blogged a few months ago about I-9 related issues in “New Tennessee Law Prohibits Using Federal Individual Taxpayer ID as Proof of Immigration Status.”
I-9 compliance issues impact many areas of an organization. However, within most organizations many areas, such as IT and information security, are not aware of the I-9 compliance issues and unknowingly put the company at noncompliance jeopardy. Compliance with any law or regulation that involves personally identifiable information (PII) usually require the involvement of legal, IT and information security areas.

(more…)

Personnel Privacy, New I-9 Forms, Removal of SSN Requirements and IT Involvement

Sunday, November 18th, 2007

Early this year I did a data flow analysis for I-9 compliance, and I blogged a few months ago about I-9 related issues in “New Tennessee Law Prohibits Using Federal Individual Taxpayer ID as Proof of Immigration Status.”
I-9 compliance issues impact many areas of an organization. However, within most organizations many areas, such as IT and information security, are not aware of the I-9 compliance issues and unknowingly put the company at noncompliance jeopardy. Compliance with any law or regulation that involves personally identifiable information (PII) usually require the involvement of legal, IT and information security areas.

(more…)

A Lesson In IT Backup Media Management From Francis Ford Coppola

Friday, November 16th, 2007

As I was reading this week’s issue of Time magazine I found a backup lesson given by Francis Ford Coppola!

(more…)

HIPAA: Beware Doctors Who Claim They Don’t Have To Follow Safeguard and Privacy Requirements

Thursday, November 15th, 2007

My good friend Alec recently made me aware of a very interesting blog post made by a physician (thanks Alec!) that is frankly quite troubling.

(more…)

U.S. Federal Teleworking Report Reminds Us that Teleworking Saves Time and Resources, But Must Be Done With Safeguards In Place

Wednesday, November 14th, 2007

On November 6 there was a an interesting hearing held by the U.S. Subcommittee on Federal Workforce, Postal Service, and the District of Columbia about teleworking in the federal agencies.
Considering large numbers of privacy breaches occurring within government agences involving mobile computing devices and storage devices, this caught my eye.

(more…)

The Deputy Director of National Intelligence Does Not Understand Key Concepts Of Privacy

Monday, November 12th, 2007

I found a report yesterday, “Intelligence deputy to America: Rethink privacy” quite interesting. The impact on privacy…the actual definition, not the definition Donald Kerr, the principal deputy director of national intelligence, thinks it should be…would not only be a huge step backward for the country, but it would also increase the threats to personally identifiable information (PII) exponentially.

(more…)

French Supreme Court Decision Points Out Importance Of Using Monitoring Notices Wherever In The World You Have Personnel

Sunday, November 11th, 2007

I just read about a French Supreme Court decision made on October 10 (you can see a Google English rough translation of it here) that is significant to organizations who have employees in France, or anywhere worldwide for that matter, and the organization’s employee monitoring practices.

(more…)