De-identification is a great privacy tool for all types of businesses, of all sizes. If you have personal data that you want to use for research, marketing, testing applications, statistical trending or some other legitimate purpose, but you don’t need to know the specific individuals involved in order to meet your goals, then you should consider de-identifying the personal data. Even though it sounds complicated there are many good methods you can use to accomplish de-identification. And the great thing is, (more…)
Posts Tagged ‘Rebecca Herold’
6 Good Reasons to De-Identify Data
Friday, March 30th, 2012Encryption: Myths and Must Knows
Friday, March 2nd, 2012I am looking forward to the day when we can look at the news headlines and not see some report about a lost or stolen computing device or storage device that contained unencrypted personal information and/or other sensitive information. And, I also want to stop seeing stories reappear about such an incident, such as the stolen NASA laptop with the clear text Space Station control codes that was stolen last year, but is making the headlines yet again today. NASA is a large enough, and tech savvy enough, organization to know better! However, there are many organizations that simply don’t understand what a valuable information security tool encryption is. I work with many small to medium sized businesses (SMBs), all of which have legal obligations (such as through HIPAA and HITECH, along with contractual requirements) to protect sensitive information, such as personal information. Over the past year I’ve heard way too many of them make remarks such as… (more…)
Is A W-2 PHI?
Monday, February 27th, 2012“Is a W-2 form protected health information?” is a simple question with a complex answer that begins (I know, to the nail-biting chagrin of many), “It depends…”
First the full question: (more…)
High Tech and Low Tech Continue to Bedevil Info Sec and Privacy Practitioners
Sunday, January 8th, 2012When looking ahead to what may happen in this new year it is necessary to first look back. Not only to 2011, but when making plans to move forward even further back to help make the best decisions moving forward. I do a lot of reading, including many mainstream publications written for the general public. You can see a lot of trends and problems by reading about how the general public is reporting (or not) about them. I also like to read the various publications specific to information security, privacy, compliance and technology to see the backstories and guts of the problems. Looking at all such reports helps to provide a more comprehensive view necessary for making good decisions. (more…)
Make Privacy One of Your 2012 Resolutions
Tuesday, January 3rd, 2012Happy New Year! I hope your year is starting out great. Have you made it to day 3 without breaking any of your resolutions? How about adding one more… (more…)
Do Subpoenas Trump HIPAA and/or Trample Security Of PHI?
Saturday, December 10th, 2011On October 10, 2011, there was a report in the Baltimore Sun, “Law firm loses hard drive with patient records: Attorneys represent St. Joseph cardiologist sued for malpractice.” I posted about the report to one of the LinkedIn groups I participate in, pointing out that this is yet one more example of (more…)
HIPAA/HITECH Compliance Is All or Nothing
Tuesday, August 16th, 2011I’m seeing growing numbers of business associates, particularly those who do technology-based services, expressing the belief that they don’t need to worry about complying with most of HIPAA. I wrote a guest blog post for Credant about this misguided thinking that was published today. I welcome your feedback!
10 Risk-Reducing Actions for Mobile HIPAA/HITECH Compliance
Sunday, June 19th, 2011I’m giving a free webinar sponsored by Sophos this coming Wednesday, June 22: “10 Risk-Reducing Actions for Mobile HIPAA/HITECH Compliance.” Here is more information about it: (more…)
