Posts Tagged ‘privacy practice’

When is PHI Not PHI?

Tuesday, August 27th, 2013

The deadline for complying with the Omnibus Rule is quickly approaching. Psst…it’s September 23 for most covered entities (CEs) and business associates (BAs).  I’ve been tardy in getting blog posts made because I’ve been happy to have the opportunity to help my hundreds of Compliance Helper and Privacy Professor clients to get into compliance with all the HIPAA and HITECH rules, many just getting there for the first time, in addition to the Omnibus Rule changes and new requirements. I’ve been getting a lot of HIPAA questions from many of the CEs and BAs. I thought it would be helpful to provide some of them on my blog. I’ll start with an interesting question about (more…)

Sales and Marketers: Don’t Diss the Info Sec Pros

Wednesday, July 31st, 2013

This past week one of my marketing friends made a statement I’ve heard far too many sales and marketing folks say over the years.

“The IT Security folks don’t have decision-making authority, and they aren’t concerned with anything beyond their network. I try not to spend too much time on them.”

It reminded me of when I was responsible for information security and privacy at a multi-national financial and healthcare organization throughout the 1990’s. I had (more…)

You Don’t Attain Your Clients’ Compliance

Friday, July 12th, 2013

Someone recently commented that I write a lot of blog posts based on my work and what my clients, students and others I meet at conferences and training classes have said or done. Well, that’s because such interactions often create some very good teaching moments that many others could benefit from!  And so, yes, now I have another such experience to share.  One of my new Compliance Helper clients recently told me, “I still don’t know what I need to do for HIPAA/HITECH compliance that is not covered under the compliance activities of my business clients.  How can I do anything more beyond what they are already doing?” (more…)

Context Determines Privacy Impact

Tuesday, July 2nd, 2013

I’ve been getting the following question and comment increasingly more often in the past several months:

1)    “If someone’s name (more…)

Don’t Be Penny Wise and Privacy Foolish

Monday, June 17th, 2013

“We Can’t Afford Security and Privacy!”

Recently I was speaking to a healthcare executive (a hospital Chief Financial Officer) at a conference where I had talked in one of the sessions about the needs for information security and privacy not only for compliance reasons, but also to mitigate risks to the business. He seemed a bit short with me when he approached.

Him: “I wish (more…)

I See Business Associates…Do You See Yours?

Wednesday, May 29th, 2013

I’m getting a lot of déjà vu vibes lately with the old-ish Bruce Willis movie with the catch phrase “I see dead people.” (Remember that?) Only my twist on this phrase for the past few years is, “I see business associates.” A big problem is that (more…)

Don’t Treat Privacy Breach Victims like a Spurned Lover

Wednesday, May 1st, 2013

A new data breach research report is out, and it is a good read.  This is the annual Experian/Ponemon Institute “Is Your Company Ready for a Big Data Breach?” report.  I want to focus on one of the findings in that report; that most organizations are not willing to assist those affected by a breach of their personal information. (more…)