Something that has bothered me, and many others, for a very long time is how there have been absolutely no enforcement actions for the Health Insurance Portability and Accountability Act (HIPAA) privacy rule or security rule since they went into effect. Passing a law and then not doing anything to enforce it, even after the enforcement agencies have received tens of thousands of complaints reporting noncompliance, makes the law weak and prone to disregard by covered entities (CEs) who see others getting away with noncompliance with just a, “Whoops! Sorry, we’ll try to fix that.”
Posts Tagged ‘policies and procedures’
HIPAA Security Rule and Privacy Rule Enforcement Reportedly Going To Be Pursued In 2007
Monday, April 9th, 2007Security and Legal Implications: NLRB Hears Oral Argument Regarding Employee’s Use of Employer’s Email System
Sunday, April 8th, 2007There are increasing reports of email misuse, malicious use, mistaken use, and just plain bad implementations of email systems that allow the many threats out in the wild and woolly Internet, and the desperado insiders, to exploit vulnerabilities. It is most common for information assurance pros to be fairly diligent in trying to keep malware out of the enterprise network through scanning and filtering emails, and it is good to see that it is also becoming a growing trend to try and prevent sensitive data from leaving the enterprise by using scanning and encryption. However, there are many other mishaps and business damage that can occur through the use, or misuse, of email and email monitoring that can have legal implications.
What Businesses Need to Know About Reputation-Based Messaging Technology
Sunday, April 1st, 2007I first started hearing about reputation-based technologies used in conjunction with filtering messages a couple of years ago. What a great idea! It does make sense to analyze the characteristics of a message to help determine whether or not it is legitimate, spam, contains malware, or is likely to be some other type of message you do not want getting onto your corporate network, doesn’t it? Trying to determine the “reputation” of the message seems to be a good additional check. Banks and credit card companies have been doing similar types of activities for decades, looking at the reputation of their loan and card applicants, when generating credit scores. It seems as though this type of analysis, while not fool-proof, could also have the potential to greatly assist with keeping unwanted messages from clogging the enterprise networks and mailservers.
What Were They Thinking!? U.S. Marshals Put The PII of Thousands of People on a D.C. Street For Anyone To Take
Saturday, March 31st, 2007I read a lot of articles about incidents; it is hard to keep up with them all! However, one I ran across on the WUSA 9News Now site in Washington D.C. grabbed my attention.
U.S. Dept of Homeland Security Creates National Computer Forensic Institute
Monday, March 26th, 2007On March 9 the U.S. Department of Homeland Security (DHS) announced the creation of a National Computer Forensic Institute.
U.S. Dept of Homeland Security Creates National Computer Forensic Institute
Monday, March 26th, 2007On March 9 the U.S. Department of Homeland Security (DHS) announced the creation of a National Computer Forensic Institute.
Don’t Be A Security Slacker
Sunday, March 25th, 2007Today I woke up to a beautiful, gorgeous spring morning…sunny, low 60’s (abnormally high for March), gentle breeze, the grass seemed to have gotten green over night, the birds are singing, the geese and ducks have come back after being gone for the winter and are swimming on our pond, a cute little chipmunk is eating from the birdseed and nuts I scattered on the patio outside my office door, what a great day! And then, after a nice walk outside, I come back inside, first to do some chores along with my family; my sons doing their assigned cleaning.
Raise Awareness by Sharing Your Knowledge And Experience
Saturday, March 24th, 2007You help to improve information assurance efforts and assist other information assurance practitioners by sharing your expertise, experiences, and suggestions. Consider writing an article for publication not only to help others, but also to help you hone your writing skills, validate your expertise to your business leaders by showing them your published work, and provide an avenue for meeting other professionals who reach out to ask you questions about your article.
Norwich University Fifth Annual Information Assurance Student Symposium: March 27
Friday, March 23rd, 2007I am very honored to be an adjunct professor for the Norwich Master of Science in Information Assurance (MSIA) program.
In this role I’m also fortunate to be able to work with Dr. Mich Kabay, who is the MSIA Program Director.
