tag:www.realtime-itcompliance.com,2010://1 2009-11-29T00:41:38Z The Realtime IT Compliance Community is an objective source for information related to IT Compliance, regulations, information security, and data protection. The community provides a wide range of resources including blogs, articles, white papers, forums and podcast as well as links to external resources. Movable Type 4.1 tag:www.realtime-itcompliance.com,2009://1.1054 2009-11-28T23:42:04Z 2009-11-29T00:41:38Z

Sorry to be so tardy in getting a blog post out. As many of you know I've been working with the NIST Smart Grid Privacy Subgroup since late June. The work done for this group is through time volunteered by all involved. As a quick recap, I led the privacy impact assessment (PIA) for the consumer-to-utility portion of the planned smart grid during the late June to late August/early September time frame. On Friday, 11/20, I provided an update on our NIST groups activities during the Gridwise Alliance phone conference; perhaps some of you were on that call? Here are...

Rebecca Herold http://www.realtime-itcompliance.com Sorry to be so tardy in getting a blog post out. As many of you know I've been working with the NIST Smart Grid Privacy Subgroup since late June. The work done for this group is through time volunteered by all involved. As a quick recap, I led the privacy impact assessment (PIA) for the consumer-to-utility portion of the planned smart grid during the late June to late August/early September time frame. On Friday, 11/20, I provided an update on our NIST groups activities during the Gridwise Alliance phone conference; perhaps some of you were on that call? Here are... tag:www.realtime-itcompliance.com,2009://1.1053 2009-11-09T22:12:48Z 2009-11-10T16:20:17Z

I've had about half a dozen folks ask me how things are going with the work I'm doing with the NIST Smart Grid privacy group, and if I could provide an update since my last couple of posts on the topic here and here. The time is going by much too quickly, and I am getting a bit nervous as we get closer to when we need to have the next draft of the NISTIR ready, tentatively set for December 31; there is so much more to do in this VOLUNTEER group effort......

Rebecca Herold http://www.realtime-itcompliance.com I've had about half a dozen folks ask me how things are going with the work I'm doing with the NIST Smart Grid privacy group, and if I could provide an update since my last couple of posts on the topic here and here. The time is going by much too quickly, and I am getting a bit nervous as we get closer to when we need to have the next draft of the NISTIR ready, tentatively set for December 31; there is so much more to do in this VOLUNTEER group effort...... tag:www.realtime-itcompliance.com,2009://1.1052 2009-11-06T01:29:30Z 2009-11-06T01:45:34Z

Over the years there have been many...too many...instances where doctors have performed the wrong types of surgeries on patients, and even the wrong surgeries on completely wrong patients......

Rebecca Herold http://www.realtime-itcompliance.com Over the years there have been many...too many...instances where doctors have performed the wrong types of surgeries on patients, and even the wrong surgeries on completely wrong patients...... tag:www.realtime-itcompliance.com,2009://1.1051 2009-10-30T00:05:48Z 2009-10-30T13:55:16Z

The HHS released HITECH Act Enforcement Interim Final Rule today......

Rebecca Herold http://www.realtime-itcompliance.com The HHS released HITECH Act Enforcement Interim Final Rule today...... tag:www.realtime-itcompliance.com,2009://1.1050 2009-10-21T16:07:10Z 2009-10-21T16:20:22Z

I was recently asked several questions about my work with the NIST Smart Grid privacy group and associated issues. Here are a couple of those questions, and my answers to them......

Rebecca Herold http://www.realtime-itcompliance.com I was recently asked several questions about my work with the NIST Smart Grid privacy group and associated issues. Here are a couple of those questions, and my answers to them...... tag:www.realtime-itcompliance.com,2009://1.1049 2009-10-14T13:49:45Z 2009-10-14T14:02:27Z

I've been feeling bad about not posting to my blog as often as I have historically......

Rebecca Herold http://www.realtime-itcompliance.com I've been feeling bad about not posting to my blog as often as I have historically...... tag:www.realtime-itcompliance.com,2009://1.1048 2009-10-09T00:33:00Z 2009-10-09T00:42:23Z

Since just before HIPAA went actively into effect I've done a lot of HIPAA compliance work for covered entities (CEs). In the past few years I've done around 200 business associate (BA) information security and program reviews for just one CE, and these don't even scratch the surface for how many BAs each CE has......

Rebecca Herold http://www.realtime-itcompliance.com Since just before HIPAA went actively into effect I've done a lot of HIPAA compliance work for covered entities (CEs). In the past few years I've done around 200 business associate (BA) information security and program reviews for just one CE, and these don't even scratch the surface for how many BAs each CE has...... tag:www.realtime-itcompliance.com,2009://1.1047 2009-10-07T00:14:16Z 2009-10-07T00:26:34Z

Last month I had the great pleasure of being a guest on Scott Draughon and Anyck Turgeon's MyTechnologyLawyer.com radio show for a segment entitled, "Is encryption enough to achieve privacy?" I was pleasantly surprised to see a large number of great follow-up questions following the show! I covered one of them in my post, "Don't Throw Your Privacy Out The Window; Know How Your PII Is Used" Here are a couple more of those many questions I want to answer in this post......

Rebecca Herold http://www.realtime-itcompliance.com Last month I had the great pleasure of being a guest on Scott Draughon and Anyck Turgeon's MyTechnologyLawyer.com radio show for a segment entitled, "Is encryption enough to achieve privacy?" I was pleasantly surprised to see a large number of great follow-up questions following the show! I covered one of them in my post, "Don't Throw Your Privacy Out The Window; Know How Your PII Is Used" Here are a couple more of those many questions I want to answer in this post...... tag:www.realtime-itcompliance.com,2009://1.1046 2009-10-02T20:00:39Z 2009-10-02T20:17:58Z

An important element of data protection compliance is knowing, identifying and inventorying the applicable information......

Rebecca Herold http://www.realtime-itcompliance.com An important element of data protection compliance is knowing, identifying and inventorying the applicable information...... tag:www.realtime-itcompliance.com,2009://1.1045 2009-09-30T18:43:02Z 2009-09-30T18:58:17Z

Late last month I posted, "HIPAA/HITECH Breach Notice Rule: Applies To PHI of Deceased Individuals + Training A Key Element" and since then I've had around half a dozen or so folks ask me to write about privacy for the deceased......

Rebecca Herold http://www.realtime-itcompliance.com Late last month I posted, "HIPAA/HITECH Breach Notice Rule: Applies To PHI of Deceased Individuals + Training A Key Element" and since then I've had around half a dozen or so folks ask me to write about privacy for the deceased...... tag:www.realtime-itcompliance.com,2009://1.1044 2009-09-25T14:55:54Z 2009-09-25T15:33:45Z

I have had the great opportunity to participate in the NIST Smart Grid privacy standards group since July......

Rebecca Herold http://www.realtime-itcompliance.com I have had the great opportunity to participate in the NIST Smart Grid privacy standards group since July...... tag:www.realtime-itcompliance.com,2009://1.1043 2009-09-23T13:38:53Z 2009-09-23T16:37:24Z

A couple of week's ago I had the great opportunity and pleasure to speak with the both equally delightful and brilliant Anyck Turgeon and Scott Draughon on MyTechnologyLawyer.com about "Is encryption enough to achieve privacy?" The feedback and followup to that show was spectacular! I got a ton of questions as a result. I will answer some of them here in the coming days. Here is the first......

Rebecca Herold http://www.realtime-itcompliance.com A couple of week's ago I had the great opportunity and pleasure to speak with the both equally delightful and brilliant Anyck Turgeon and Scott Draughon on MyTechnologyLawyer.com about "Is encryption enough to achieve privacy?" The feedback and followup to that show was spectacular! I got a ton of questions as a result. I will answer some of them here in the coming days. Here is the first...... tag:www.realtime-itcompliance.com,2009://1.1042 2009-09-21T23:22:27Z 2009-09-21T23:41:45Z

Last week I was very fortunate to be able to speak at the IAPP Privacy Academy in Boston......

Rebecca Herold http://www.realtime-itcompliance.com Last week I was very fortunate to be able to speak at the IAPP Privacy Academy in Boston...... tag:www.realtime-itcompliance.com,2009://1.1041 2009-09-14T23:45:11Z 2009-09-14T23:53:09Z

I am talking to increasing numbers of privacy and information security pros who are concerned about not only getting their pandemic plans in place, but also wanting to know what kinds of privacy issues need to be addressed within the plans....

Rebecca Herold http://www.realtime-itcompliance.com I am talking to increasing numbers of privacy and information security pros who are concerned about not only getting their pandemic plans in place, but also wanting to know what kinds of privacy issues need to be addressed within the plans.... tag:www.realtime-itcompliance.com,2009://1.1040 2009-09-10T12:58:58Z 2009-09-10T13:02:14Z

Of course the answer is no. But there are many reasons! Tune in this afternoon at 4:00pm Pacific time to hear Anyck Turgeon, Scott Draughon and me discuss this topic and talk about encryption laws and the impacts to privacy. Here is the information about the event......

Rebecca Herold http://www.realtime-itcompliance.com Of course the answer is no. But there are many reasons! Tune in this afternoon at 4:00pm Pacific time to hear Anyck Turgeon, Scott Draughon and me discuss this topic and talk about encryption laws and the impacts to privacy. Here is the information about the event......