Archive | September, 2011

Breach Notification Planning Tips – Three Biggest Gaps

The interim final breach notification rule, now in effect, requires Covered Entities to report breaches to federal authorities as well as to those affected. With the number of breaches growing on the HHS “Wall of Shame”, and over 3% of the American public having Protected Health Information impermissibly disclosed, organizations are now focusing their efforts on preventing breaches.

HIPAA HITECH Omnibus Final Rulemaking – NIST / OCR HIPAA Conference

OK, it may not turn out to be a “party” Omnibus, but it’s what is happening. In her Tuesday, May 10th presentation, Sue McAndrew, JD and deputy director for health information privacy in the HHS Office for Civil Rights, discussed the status of regulatory activities around several outstanding regulations. I asked when the final rulemaking was expected to be completed.

Best Practices from Leading Security Executives

With our primary focus on HIPAA and HITECH compliance, it is not often that we discuss non-healthcare security breaches. However, a recent article by healthcareinfosecurity.com sheds light on significant breaches outside of healthcare and offers great advice by two global CSIO leaders that can apply to any industry.

OCR Calls for “Culture of Compliance” – NIST / OCR HIPAA Conference

Sue McAndrew, JD and David S. Holtzman, JD (Office for Civil Rights / Health Information Privacy Division) both called for a “Culture of Compliance” at the May 10-11 NIST/OCR HIPAA Security Conference in Washington. The concept of a “culture of compliance” is not new in the risk management and regulatory compliance world, but seems to be a new term for health care. Learn what they mean…

The (HHS HIPAA/HITECH) Honeymoon is Over.

(Reprinted with permission, copyright 2011 ID Experts, All Rights Reserved)

Last year, in accordance with the requirements of the HITECH Act, the HHS Office for Civil Rights (OCR) established a network of regional investigators and began conducting investigations to ensure HIPAA compliance. Last fall we reported that in our experience, the outcome of these investigations tended to be positive for those organizations making an honest effort to comply. While OCR may have practiced forbearance as providers came up to speed on HIPAA compliance programs, recent announcements by HHS reveal that the grace period is over and organizations that aren’t ready to comply can now expect to face stiff penalties.

Tips for Small Businesses from a Cyber Security Expert

The Internet offers small businesses a competitive advantage in a tough market thanks to the exposure they receive online. However, while they can compete with larger businesses online in terms of marketing and visibility, their IT budgets and security efforts simply can’t keep up. Cybercriminals realize that small businesses are easy targets because they are […]

Security Expert Advice: Choosing Strong Passwords

So far, 2011 has been a big year for cyber-attacks. American businesses and the United States government were the targets of hackers who stole credit card information, took down websites, and deleted military files. These attacks sent companies and government agencies scrambling to explain how their data was stolen, compromised, or lost. It also forced […]
