
May 13, 2008

Addressing the Insider Threat

My May issue of "IT Compliance in Realtime" is now available!

The first article I have within this issue is, "Addressing the Insider Threat."

Here is the unformatted text of the article; download the PDF to get the much nicer, prettier, formatted version...

 
Continue reading Addressing the Insider Threat...

May 8, 2008

A Couple Of Little Known HIPAA Facts

Last week I was contacted by Corey Goodman, a reporter for HCPro, about a story he is doing that sounds like it will be quite interesting! He is collecting examples and anecdotes about "little known HIPAA facts" and asked me to contribute some for his article.

I anticipate that he will be cutting the couple of little known facts I provided to him down quite a bit, so I wanted to provide them here not only as a future reference for myself, but also for those of you who may be interested!

 
Continue reading A Couple Of Little Known HIPAA Facts...

March 25, 2008

Yet Another Stolen Laptop With Clear Text Patient PII

Yet another in a long procession of laptop thefts, "Stolen laptop contains personal info of 2,500 patients".

Here are the first few paragraphs...

 
Continue reading Yet Another Stolen Laptop With Clear Text Patient PII...

March 23, 2008

Passport Breach: Poor Security Practices Lead To Privacy Breaches

The breach of the presidential candidates' passport files was widely reported over the past few days, such as here and here, not to mention the many postings referencing it as "passport-gate" throughout the blogosphere and the political implications. However, based upon what I've been reading it looks more like the result of a poor, inadequate and vulnerable information security program.

There are many information security and privacy issues involved with this incident. It would make a great case study to use at a joint meeting with your information security, privacy and compliance folks. Some of the questions to include in your discussion could include...

 
Continue reading Passport Breach: Poor Security Practices Lead To Privacy Breaches...

March 13, 2008

What Business Leaders Need to Know About Privacy Breach Notifications

The third article in my March e-journal issue of "IT Compliance in Realtime" is "What Business Leaders Need to Know About Privacy Breach Notifications."

Here it is, unformatted:

 
Continue reading What Business Leaders Need to Know About Privacy Breach Notifications...

March 12, 2008

The "Reasonable Belief" of a Privacy Breach

The second article in my March e-journal issue of "IT Compliance in Realtime" is "The "Reasonable Belief" of a Privacy Breach."

Here it is, unformatted:

 
Continue reading The "Reasonable Belief" of a Privacy Breach...

March 1, 2008

Will Bad News Come in 3's For Health Net?

In the past several days Health Net made the news...in ways they would rather not have...

First this on 2/22:

 
Continue reading Will Bad News Come in 3's For Health Net?...

February 24, 2008

Example privacy breach response plan

Too few organizations are prepared to respond to a privacy breach when it happens. Too many naively believe a privacy breach will not happen to them.

It is helpful to look at existing privacy breach notice plans when creating your own. The U.S. government agencies actually provide some good plans you can use as examples.

 
Continue reading Example privacy breach response plan...

February 18, 2008

Have You Looked In Your Trash Bins Lately?

It shouldn't still amaze me, but it does, how often so many organizations just dump huge amounts of printed paper containing tons of personally identifiable information (PII) right into their dumpster sitting behind their building, in the alley, or some other easily reachable public location.

Here's yet another example of a business throwing away people's privacy in their trash dumpster...

 
Continue reading Have You Looked In Your Trash Bins Lately?...

February 13, 2008

Phisherthieves Like Banks Best

Here's a pretty good mainstream news story from CNN to give to your business leaders to raise their awareness and understanding about phishing...

 
Continue reading Phisherthieves Like Banks Best...


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.