HIPAA-HITECH Factoid: Over 50% of the 8.2 million individuals' breached records on the HHS "Wall of Shame" would not have been reported if organizations had used encryption! The Breach Notification for Unsecured Protected Health Information: Interim Final Rule provides the equivalent of safe harbor (no need to report!) if the PHI disclosed was "secured PHI". Encryption […]
Archive | June, 2011
In today’s business world, nearly everyone is connected to the internet in some way, shape or form. It’s virtually unavoidable. Businesses conduct the majority of their operations online and through electronic mediums. Whether you walk into a store and make a purchase with a credit card or decide to engage in an online transaction between two […]
The just-released 2010 Annual Study: U.S. Cost of a Data Breach tracks the increasing cost of organizational data breaches, up for the fifth year in a row. Based on the actual data breach experience of 51 U.S. companies in 15 industry sectors, it reveals the average organizational cost of a data breach increased to […]
Ya think! We think so. We really, really believe that the fun is over! In case you've been out of the country for the last several months, you might want to catch up on some recent developments that have signaled the increased seriousness with which OCR is enforcing the HIPAA privacy rule:
Ah yes, copiers, the workhorse of American healthcare covered entities, business associates and subcontractors — your insurance card, your driver's license, your lab reports, your meds, etc., etc. Do you happen to know if you are storing Protected Health Information on your copiers? Surprise! You probably are!
TMG 2010 does a great job of securing your network, and can exercise very precise control of internal users’ access to the Internet when it comes to ports and protocols, file access, etc., but unfortunately it cannot do anything to control bandwidth consumption. Whether you call it traffic shaping, bandwidth restrictions, rate limiting, or speed […]
Security throughout a company’s network, websites and business dealings has become even more critical than it was just a few years ago. With hackers and criminals trying to break through network security at any given time, both your employees and your customers expect the security of their information to be the highest priority. If […]
If, somehow, there is still any doubt about HIPAA-HITECH enforcement being on the upswing, please take a moment to review this new web page on the Office for Civil Rights website: HIPAA Enforcement Training for State Attorneys General. Hoping that HIPAA enforcement is going away is not a sound business risk management strategy. For many […]
In yesterday’s NY Times, Milt Freudenheim joined a long line of journalists jumping on the HIPAA HITECH bandwagon in his article entitled “Breaches Lead to Push to Protect Medical Data”. I was, of course, tickled to read the opening two sentences … “Federal health officials call it the Wall of Shame. It’s a government Web page that lists nearly 300 hospitals, doctors and insurance companies that have reported significant breaches of medical privacy in the last couple of years.” In our March 2010 eNewsletter, we coined the term “Wall of Shame” and are pleased to see that Federal Officials and the NY Times find it an apropos term for the data breachers who have actually convinced themselves they created significant risk-of-harm for individuals affected by the breach!