Just last week, a friend pointed out to me that only drugs and information technology (IT) have “users.” A week before that, a colleague was explaining his challenge of creating a security awareness program in a firm that “operated less like a business and more like a law firm.” Specifically, the big-dollar revenue producers in […]
Archive | March, 2013
As power is restored throughout the Northeast in the wake of Hurricane Sandy, 1000s of businesses are now without their lifeblood – data! Unfortunately for businesses and consumers everywhere, we’ve seen this happen again as the Seven Deadly Sins of Data Backup are once again exposed:
HIPAA enforcement is on the upswing and the consequences are serious. Join us for the free informative webinar “How to Prepare for the HIPAA Audits.” If you receive, store, process or transmit ePHI and/or depend on others who do so, no matter where you are in your compliance journey, you should view this webinar on How to Prepare for the HIPAA Audits.
This article describes the HIPAA information access management requirements for accessing electronic protected health information. The relevant subsection of the HIPAA law is §164.308(a)(4). Section §164.308 of the Health Insurance Portability and Accountability Act describes the administrative safeguards that a covered entity must employ. This article will explore section §164.308(a)(4), which deals with ensuring that […]
We recently reported that the National Institute of Standards and Technology (NIST) has published Special Publication 800-30 Revision 1 Guide for Conducting Risk Assessments. This past week, Healthcare InfoSecurity’s Eric Chabrow interviewed Dr. Ron Ross, the father of the NIST Security Framework and author of most of NIST’s risk management Special Publications. Here’s today’s big tip – Learn from Dr. Ross! …learn more…
The moment we judge someone, we forfeit the ability to help. Seems like a lot of what is being promulgated in so-called “security awareness” today is nothing short of berating people with a never-ending list of things not to do, coupled with a shorter, non-intuitive list of what to do. When these lists predictably fail to […]
Are you prepared in the event of a data breach affecting your organization? Do you know the regulations? Can you conduct accurate and timely incident risk assessment? Are you ready to provide required notifications & OCR’s request for information? …Learn how to do either in our recent webinar… Download Presentation Materials and View recorded version now…
The National Institute of Standards and Technology (NIST) has published Special Publication 800-30 Revision 1 Guide for Conducting Risk Assessments. Of course, HHS/OCR Guidance on completing a Risk Analysis points to / relies on the NIST Security Framework. Here’s today’s big tip – Learn to do a HIPAA Risk Analysis the right way! …learn more…
So, what’s new? Nothing… Risk Analysis, Policies & Procedures, Unencrypted Laptops, Security Incident Response and Reporting, Access Control, Device & Media Control — Hey, it’s starting to look like the HIPAA Security Rule. Here’s today’s big tip – Learn, Again, From an HHS Settlement Agreement!
The first step toward building a successful security awareness program is to understand the concept of awareness, how to define security awareness, and how that impacts the business in a way that makes sense to support.