
Ask the Expert

Have a question for our resident expert? Email your questions to Rebecca.

October 2, 2009

Proposed HIPAA Privacy Rule Change Explicitly Makes Genetic Info PHI

An important element of data protection compliance is knowing, identifying and inventorying the applicable information...

 

September 30, 2009

Privacy For The Deceased

Late last month I posted, "HIPAA/HITECH Breach Notice Rule: Applies To PHI of Deceased Individuals + Training A Key Element" and since then I've had around half a dozen or so folks ask me to write about privacy for the deceased...

 

September 25, 2009

10 Smart Grid Consumer-to-Utility Privacy Concerns; Are There More?

I have had the great opportunity to participate in the NIST Smart Grid privacy standards group since July...

 

September 23, 2009

Don't Throw Your Privacy Out The Window; Know How Your PII Is Used

A couple of weeks ago I had the great opportunity and pleasure to speak with the equally delightful and brilliant Anyck Turgeon and Scott Draughon on MyTechnologyLawyer.com about "Is encryption enough to achieve privacy?"

The feedback and followup to that show was spectacular! I got a ton of questions as a result. I will answer some of them here in the coming days. Here is the first...

 

September 21, 2009

How To Do Privacy Impact Assessments

Last week I was very fortunate to be able to speak at the IAPP Privacy Academy in Boston...

 

September 14, 2009

What Happens To Privacy During Pandemics?

I am talking to increasing numbers of privacy and information security pros who are concerned about not only getting their pandemic plans in place, but also wanting to know what kinds of privacy issues need to be addressed within the plans.

 

September 10, 2009

Is Encryption Enough to Achieve Privacy?

Of course the answer is no. But there are many reasons! Tune in this afternoon at 4:00pm Pacific time to hear Anyck Turgeon, Scott Draughon and me discuss this topic and talk about encryption laws and the impacts to privacy. Here is the information about the event...

 

September 9, 2009

HITECH Impacts Over 734,178 "Small Business" HIPAA Covered Entities

The Department of Health and Human Services (HHS) 45 CFR Parts 160 and 164: "Breach Notification for Unsecured Protected Health Information; Interim Final Rule" (Breach Notice Rule) has been written about a lot. But much of what is written overlooks some of the very interesting prologue within that document that is very important to consider to frame the context within which the regulation was written...

 

September 4, 2009

HITECH Act Virtual ToC

This was another very busy week, and I didn't have a chance to post as much as I would have liked. Part of what kept me busy was an unusually increased amount of email...

 

August 31, 2009

HHS & FTC Breach Notice Rules: First Time NIST Standards Specifically Referenced

The Department of Health and Human Services (HHS) issued their interim final rule for breach notification standards on August 19. Federal Trade Commission (FTC) issued their final rule of breach notification standards on August 17. The HHS rule covers all healthcare covered entities (CEs) and business associates (BAs). The FTC rule covers all personal health record (PHR) vendors and their service providers...

 

Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for the past two decades. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the world's best privacy experts and on their list of the best privacy consulting firms in both 2007 and 2008. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books and dozens of articles, has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 13th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.