Posts Tagged ‘privacy’

« Older Entries
Newer Entries »

Is A W-2 PHI?

Monday, February 27th, 2012

“Is a W-2 form protected health information?” is a simple question with a complex answer that begins (I know, to the nail-biting chagrin of many), “It depends…”

First the full question: (more…)

Tags:, , , , , , , , , , , , , , , , , , ,
Posted in BA, CE, HIPAA, HITECH | No Comments »

Is Information Found Online Legally Fair Game To Use For Marketing?

Tuesday, January 24th, 2012

Social media sites are booming.  The amount of personal information folks are choosing to post to them, such as photos, videos, original stories, thoughts, gossip, and so on, is exploding.  Marketers are drooling at the prospect of using all that “free” information.  Well, it’s really not free, folks. (more…)

Tags:, , , , , , , , , , , ,
Posted in Marketing | No Comments »

High Tech and Low Tech Continue to Bedevil Info Sec and Privacy Practitioners

Sunday, January 8th, 2012

When looking ahead to what may happen in this new year it is necessary to first look back.  Not only to 2011, but when making plans to move forward even further back to help make the best decisions moving forward.   I do a lot of reading, including many mainstream publications written for the general public.  You can see a lot of trends and problems by reading about how the general public is reporting (or not) about them.   I also like to read the various publications specific to information security, privacy, compliance and technology to see the backstories and guts of the problems.  Looking at all such reports helps to provide a more comprehensive view necessary for making good decisions. (more…)

Tags:, , , , , , , , , , , , , , , ,
Posted in Information Security, mobile computing, privacy | No Comments »

Make Privacy One of Your 2012 Resolutions

Tuesday, January 3rd, 2012

Happy New Year!  I hope your year is starting out great.  Have you made it to day 3 without breaking any of your resolutions?  How about adding one more… (more…)

Tags:, , , , , , , , , , ,
Posted in privacy, Training & awareness | No Comments »

Do Subpoenas Trump HIPAA and/or Trample Security Of PHI?

Saturday, December 10th, 2011

On October 10, 2011, there was a report in the Baltimore Sun, “Law firm loses hard drive with patient records: Attorneys represent St. Joseph cardiologist sued for malpractice.” I posted about the report to one of the LinkedIn groups I participate in, pointing out that this is yet one more example of (more…)

Tags:, , , , , , , , , , , , , , , , , ,
Posted in BA, CE, healthcare, HIPAA, HITECH, Information Security, Laws & Regulations, privacy, Privacy and Compliance | 6 Comments »

Auditing Patient Records Survey Results

Saturday, September 10th, 2011

There are no specific requirements that the Department of Health and Human Services provide with regards to how often to perform patient records audits (understandably so, since it should be based upon an organization’s own risk environment), and so many healthcare providers wonder what others are doing, or what is “standard” practice.  So, to help determine this, from mid- to late-August (two weeks) I posted a very short, completely unscientific, survey specifically to get a feel for what some other hospitals and clinics are doing with regard to auditing patient records access and disclosures, as required by HIPAA.  Here are the results… (more…)

Tags:, , , , , , ,
Posted in healthcare, HIPAA, HITECH, Privacy and Compliance | No Comments »

UCLA Health System Pays $865K to Settle Celebrity Privacy HIPAA Violations

Friday, July 8th, 2011

Here’s yet another HIPAA violations penalty to add to what seems to be a quickly growing list.  In this case it was a violation of the minimum necessary access principle, in addition to providing the information to reporters, who then published the information.  And, it is likely based upon the required actions that go beyond the fine, that the policies, procedures, training, awareness, and access logging processes was lacking as well. (more…)

Tags:, , , , , , , , , , , , , , , , , , ,
Posted in CE, healthcare, HIPAA, HITECH, Information Security, Laws & Regulations, Non-compliance Sanctions Examples, privacy, Privacy and Compliance, Privacy Incidents | 4 Comments »

10 Risk-Reducing Actions for Mobile HIPAA/HITECH Compliance

Sunday, June 19th, 2011

I’m giving a free webinar sponsored by Sophos this coming Wednesday, June 22: “10 Risk-Reducing Actions for Mobile HIPAA/HITECH Compliance.”   Here is more information about it: (more…)

Tags:, , , , , , , , , , , , , , ,
Posted in BA, CE, healthcare, HIPAA, HITECH, Information Security, Laws & Regulations, mobile computing, privacy, Privacy and Compliance | 1 Comment »

Don’t Let School Break Be A Privacy Break-In!

Friday, June 3rd, 2011

A couple of days ago I published my monthly Privacy Professor Tips message, “Summer Break-in.”  I provide these tips free to anyone who wants to sign up for it on my web site and fills out one of the boxes that says, (more…)

Tags:, , , , , , , , , , , , , , , ,
Posted in Information Security, Laws & Regulations, privacy, Privacy and Compliance, Training & awareness | No Comments »

Designated Record Sets: Know What They Are! (AD NPRM Discussion #1)

Thursday, June 2nd, 2011

My last blog post provided a preliminary overview of the Accounting of Disclosures Notice of Proposed Rulemaking (AD  NPRM).  I got a lot of questions as a result directly, in addition to the blog comments. When trying to understand regulations, and how to put them into practice within an organization, I’ve found it is best to break them down into bite-sized chunks, starting from the basics and building from there.  Today I want to spend a little time looking at what makes up a “designated record set,” or DRS, since the access report requirement is specific to accesses to DRS’s… (more…)

Tags:, , , , , , , , , , , , , , , , , , , ,
Posted in BA, CE, healthcare, HIPAA, HITECH, Laws & Regulations, Privacy and Compliance | 1 Comment »

« Older Entries
Newer Entries »