November 28, 2009

Smart Grid Privacy: Possible Privacy Standards To Address Concerns

Sorry to be so tardy in getting a blog post out. As many of you know I've been working with the NIST Smart Grid Privacy Subgroup since late June. The work done for this group is through time volunteered by all involved.

As a quick recap, I led the privacy impact assessment (PIA) for the consumer-to-utility portion of the planned smart grid during the late June to late August/early September time frame. On Friday, 11/20, I provided an update on our NIST group's activities during the Gridwise Alliance phone conference; perhaps some of you were on that call?

Here are some links showing information about our NIST Smart Grid privacy group's work:

 

November 9, 2009

15 Smart Grid Privacy Concerns + Other Smart Grid Thoughts

I've had about half a dozen folks ask me how things are going with the work I'm doing with the NIST Smart Grid privacy group, and if I could provide an update since my last couple of posts on the topic here and here.

The time is going by much too quickly, and I am getting a bit nervous as we get closer to when we need to have the next draft of the NISTIR ready, tentatively set for December 31; there is so much more to do in this VOLUNTEER group effort...

 

November 5, 2009

HIPAA And Surveillance In Hospitals

Over the years there have been many...too many...instances where doctors have performed the wrong types of surgeries on patients, and even the wrong surgeries on completely wrong patients...

 

October 29, 2009

CEs and BAs: Be HIPAA/HITECH Compliant Or Pay A Hefty Penalty

The HHS released HITECH Act Enforcement Interim Final Rule today...

 

October 21, 2009

Smart Grid Privacy: Laws and Implications

I was recently asked several questions about my work with the NIST Smart Grid privacy group and associated issues. Here are a couple of those questions, and my answers to them...

 

October 14, 2009

6 Critical Factors for Effective Information Security & Privacy Policies

I've been feeling bad about not posting to my blog as often as I have historically...

 

October 8, 2009

Who Are Your Business Associates?

Since just before HIPAA went actively into effect I've done a lot of HIPAA compliance work for covered entities (CEs). In the past few years I've done around 200 business associate (BA) information security and program reviews for just one CE, and these don't even scratch the surface for how many BAs each CE has...

 

October 6, 2009

HIPAA/HITECH Etc. Retention: Does Your Reality = Your Requirements?

Last month I had the great pleasure of being a guest on Scott Draughon and Anyck Turgeon's MyTechnologyLawyer.com radio show for a segment entitled, "Is encryption enough to achieve privacy?"

I was pleasantly surprised to see a large number of great follow-up questions following the show!

I covered one of them in my post, "Don't Throw Your Privacy Out The Window; Know How Your PII Is Used." Here are a couple more of those many questions I want to answer in this post...

 


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for the past two decades. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the world's best privacy experts and on their list of the best privacy consulting firms in both 2007 and 2008. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 13th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community, where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.