Archive | August, 2013

Missing the real opportunity of Manning and Snowden

The common reaction is an almost knee-jerk demand for more, stricter controls. In most cases, these controls won’t work. If we want people engaged in the process, we need to let them take responsibility. We need to develop transparent systems and demystify what happens. It’s time to reinforce that if something doesn’t “feel right,” stepping […]

Continue Reading

HIPAA Audit Tips – Providers and Health Plans Perform Poorly in HIPAA Audits

Recent data released by the US Department of Health and Human Services Office for Civil Rights (OCR) show that providers account for more than two-thirds of all HIPAA Audit Findings and Observations in seven of the eight categories reviewed, and more than half in the category. Health plans don’t perform well either, accounting for between 25% and 38% of reported findings and observations. Here’s today’s big tip – Go to school on 2012 OCR Audits!

Continue Reading

HIPAA Risk Analysis Tip – HIPAA Risk Analysis Buyer’s Guide Checklist

Just returning from the 2013 International Association of Privacy Professionals (IAPP) Global Privacy Summit in DC last week, we were privileged to hear the very latest updates from Office for Civil Rights (OCR) officials Director Leon Rodriguez, Deputy Director Sue McAndrew and leaders Linda Sanches and Verne Rinker. The presentations made by the OCR officials at the 2013 IAPP Global Privacy Summit focused on Omnibus Final Rule changes and the summary information from the 2012 OCR HIPAA Audit Program.

Continue Reading

Google Authenticator Weaknesses

Earlier this year, we  submitted a bug to Google for the Google Authenticator app on Android. Basically, the bug we submitted is that the secret key (the private code that when combined with an accurate source of time creates the one-time-use codes for use with Google’s open-sourced two factor authentication) is stored in the clear on […]

Continue Reading

Guided Tour of the Clearwater HIPAA Security Assessment™ Software

Are you in compliance with the HIPAA Security Final Rule? If you are looking for a hipaa security risk assessment tool, look no further! In this webinar, you will learn about a powerful compliance Software as a Service that will enable you to affordably and quickly determine how you stack up against the actual law and focus your improvement efforts.

Continue Reading

Innovation in Two-Factor Authentication

When I first read the article Authy Makes Using Two-Factor Authentication Easier I thought to myself, “why have I never heard of this Authy thing?” After all, we have been covering two-factor  for a while. I went ahead and installed it, and started digging into the application and the company. I even fired off some […]

Continue Reading

(CSO) Designing security awareness for success

Once awareness is established as the realization of actions and impact, it serves as a catalyst for change. Sometimes. To get it right requires a series of steps, and at least three elements. From Translating Security Value at CSO. Exploring the three elements necessary to design a program that connects individuals to impact, leads interest […]

Continue Reading