
November 28, 2009

Smart Grid Privacy: Possible Privacy Standards To Address Concerns

Sorry to be so tardy in getting a blog post out. As many of you know I've been working with the NIST Smart Grid Privacy Subgroup since late June. The work done for this group is through time volunteered by all involved.

As a quick recap, I led the privacy impact assessment (PIA) for the consumer-to-utility portion of the planned smart grid during the late June to late August/early September time frame. On Friday, 11/20, I provided an update on our NIST group's activities during the Gridwise Alliance phone conference; perhaps some of you were on that call?

Here are some links showing information about our NIST Smart Grid privacy group's work:


November 5, 2009

HIPAA And Surveillance In Hospitals

Over the years there have been many, too many, instances where doctors have performed the wrong types of surgeries on patients, and even the wrong surgeries on completely wrong patients...


October 29, 2009

CEs and BAs: Be HIPAA/HITECH Compliant Or Pay A Hefty Penalty

HHS released the HITECH Act Enforcement Interim Final Rule today...


October 21, 2009

Smart Grid Privacy: Laws and Implications

I was recently asked several questions about my work with the NIST Smart Grid privacy group and associated issues. Here are a couple of those questions, and my answers to them...


October 8, 2009

Who Are Your Business Associates?

Since just before HIPAA went actively into effect I've done a lot of HIPAA compliance work for covered entities (CEs). In the past few years I've done around 200 business associate (BA) information security and program reviews for just one CE, and these don't even scratch the surface for how many BAs each CE has...


October 6, 2009

HIPAA/HITECH Etc. Retention: Does Your Reality = Your Requirements?

Last month I had the great pleasure of being a guest on Scott Draughon and Anyck Turgeon's MyTechnologyLawyer.com radio show for a segment entitled, "Is encryption enough to achieve privacy?"

I was pleasantly surprised to see a large number of great follow-up questions following the show!

I covered one of them in my post, "Don't Throw Your Privacy Out The Window; Know How Your PII Is Used." Here are a couple more of those many questions I want to answer in this post...


October 2, 2009

Proposed HIPAA Privacy Rule Change Explicitly Makes Genetic Info PHI

An important element of data protection compliance is knowing, identifying and inventorying the applicable information...


September 10, 2009

Is Encryption Enough to Achieve Privacy?

Of course the answer is no. But there are many reasons! Tune in this afternoon at 4:00pm Pacific time to hear Anyck Turgeon, Scott Draughon and me discuss this topic and talk about encryption laws and the impacts to privacy. Here is the information about the event...


September 9, 2009

HITECH Impacts Over 734,178 "Small Business" HIPAA Covered Entities

The Department of Health and Human Services (HHS) 45 CFR Parts 160 and 164: "Breach Notification for Unsecured Protected Health Information; Interim Final Rule" (Breach Notice Rule) has been written about a lot. But much of what has been written overlooks the very interesting prologue within that document, which is important to consider in order to frame the context within which the regulation was written...


September 4, 2009

HITECH Act Virtual ToC

This was another very busy week, and I didn't have a chance to post as much as I would have liked. Part of what kept me busy was an unusually increased amount of email...



Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for the past two decades. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the world's best privacy experts and on their list of the best privacy consulting firms in both 2007 and 2008. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books and dozens of articles, has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 13th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community, where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.