Posts Tagged ‘protected health information’

Encryption: Myths and Must Knows

Friday, March 2nd, 2012

I am looking forward to the day when we can look at the news headlines and not see some report about a lost or stolen computing device or storage device that contained unencrypted personal information and/or other sensitive information.  And, I also want to stop seeing stories reappear about such an incident, such as the stolen NASA laptop with the clear text Space Station control codes that was stolen last year, but is making the headlines yet again today.  NASA is a large enough, and tech savvy enough, organization to know better!  However, there are many organizations that simply don’t understand what a valuable information security tool encryption is.   I work with many small to medium sized businesses (SMBs), all of which have legal obligations (such as through HIPAA and HITECH, along with contractual requirements) to protect sensitive information, such as personal information.  Over the past year I’ve heard way too many of them make remarks such as… (more…)

Is A W-2 PHI?

Monday, February 27th, 2012

“Is a W-2 form protected health information?” is a simple question with a complex answer that begins (I know, to the nail-biting chagrin of many), “It depends…”

First the full question: (more…)

10 Risk-Reducing Actions for Mobile HIPAA/HITECH Compliance

Sunday, June 19th, 2011

I’m giving a free webinar sponsored by Sophos this coming Wednesday, June 22: “10 Risk-Reducing Actions for Mobile HIPAA/HITECH Compliance.”   Here is more information about it: (more…)

HIPAA & Calling Out Full Names In Waiting Rooms

Monday, March 2nd, 2009

Over the years I have done several interviews for articles about HIPAA compliance. I recently did an interview for an HCPro article, “Physician offices: Tackle a different set of privacy training challenges.” (Sorry, this is not publicly posted to my knowledge.)
Well, today I received a message about this article from a clearly agitated reader, whose name (of course) I am not including in the following message…

(more…)

HHS’s New Privacy & Security Framework Based Upon The OECD Privacy Principles

Friday, December 19th, 2008

Earlier this week, the Department of Health and Human Services issued a framework, “Nationwide Privacy and Security Framework For Electronic Exchange of Individually Identifiable Health Information December 15, 2008” for protecting patient privacy and securing medical records, in particular online protected health information (PHI) records.

(more…)

A Stolen Health Insurer’s Laptop With PII Is Not Necessarily A HIPAA Violation

Wednesday, January 30th, 2008

While scanning the news blurb summaries today, the statement, “This is a violation of HIPAA.” caught my eye. Hmm…let’s see what this is about…
This statement was actually within the reader comments to the story, “Blue Cross reports theft of computer.”

(more…)

A Stolen Health Insurer’s Laptop With PII Is Not Necessarily A HIPAA Violation

Wednesday, January 30th, 2008

While scanning the news blurb summaries today, the statement, “This is a violation of HIPAA.” caught my eye. Hmm…let’s see what this is about…
This statement was actually within the reader comments to the story, “Blue Cross reports theft of computer.”

(more…)

Why Would You Trust Microsoft To Store Your Sensitive Health Information?

Thursday, October 4th, 2007

Today Microsoft launched their new web portal, HealthVault to store, for free, “medical histories, immunization and other records from doctors’ offices and hospital visits, including data from devices like heart monitors. It is also tied to a health information search engine the software maker launched last month.”

(more…)

HIPAA & 4 Lessons From an Insider Threat Example: Former Healthcare IT Manager Hacks Into System and Deletes PHI

Monday, September 10th, 2007

There are so many ways in which bad things can happen with the authorized access personnel and business partners have to sensitive data, personally identifiable information (PII), and business systems. Many times the bad things that happen are a result of a lack of awareness of how to properly protect information, a result of mistakes, or a result of malicious intent. Here is just one more example to add to your file of actual insider threat incidents.

(more…)

HIPAA & 4 Lessons From an Insider Threat Example: Former Healthcare IT Manager Hacks Into System and Deletes PHI

Monday, September 10th, 2007

There are so many ways in which bad things can happen with the authorized access personnel and business partners have to sensitive data, personally identifiable information (PII), and business systems. Many times the bad things that happen are a result of a lack of awareness of how to properly protect information, a result of mistakes, or a result of malicious intent. Here is just one more example to add to your file of actual insider threat incidents.

(more…)