The common reaction is an almost knee-jerk demand for more, stricter controls. In most cases, these controls won’t work. If we want people engaged in the process, we need to let them take responsibility. We need to develop transparent systems and demystify what happens. It’s time to reinforce that if something doesn’t “feel right,” stepping […]
Archive | August, 2013
Recent data released by the US Department of Health and Human Services Office for Civil Rights (OCR) show that providers account for more than two-thirds of all HIPAA Audit Findings and Observations in seven of the eight categories reviewed, and more than half in the category. Health plans don’t perform well either, accounting for between 25% and 38% of reported findings and observations. Here’s today’s big tip – Go to school on 2012 OCR Audits!
There are many wrong ways and one correct way to conduct a HIPAA Risk Analysis! The foundational risk analysis required at 45 CFR §164.308(a)(1)(ii)(A) is an ongoing requirement. Here’s today’s big TIP – Learn How To Conduct a Bona Fide HIPAA Risk Analysis.
Just returning from the 2013 International Association of Privacy Professionals (IAPP) Global Privacy Summit in DC last week, we were privileged to hear the very latest updates from Office for Civil Rights (OCR) officials Director Leon Rodriguez, Deputy Director Sue McAndrew and leaders Linda Sanches and Verne Rinker. The presentations made by the OCR officials at the 2013 IAPP Global Privacy Summit focused on Omnibus Final Rule changes and the summary information from the 2012 OCR HIPAA Audit Program.
Here are three articles selected to stimulate some thinking — and discussion — on how we might draw on other fields to improve our approach to the practice of security. The three articles this week: What Caffeine Really Does to Your Brain 5 Reasons Why Employees are Your Best Brand Advocates How Diagrams Solve Problems […]
Did you know that privacy violation complaints have increased more than 40 percent since HITECH was enacted in 2009 – and more than 21 million citizens have had their protected health information (PHI) breached?
Earlier this year, we submitted a bug to Google for the Google Authenticator app on Android. Basically, the bug we submitted is that the secret key (the private code that when combined with an accurate source of time creates the one-time-use codes for use with Google’s open-sourced two factor authentication) is stored in the clear on […]
Are you in compliance with the HIPAA Security Final Rule? If you are looking for a hipaa security risk assessment tool, look no further! In this webinar, you will learn about a powerful compliance Software as a Service that will enable you to affordably and quickly determine how you stack up against the actual law and focus your improvement efforts.
When I first read the article Authy Makes Using Two-Factor Authentication Easier I thought to myself, “why have I never heard of this Authy thing?” After all, we have been covering two-factor for a while. I went ahead and installed it, and started digging into the application and the company. I even fired off some […]
Once awareness is established as the realization of actions and impact, it serves as a catalyst for change. Sometimes. To get it right requires a series of steps, and at least three elements. From Translating Security Value at CSO. Exploring the three elements necessary to design a program that connects individuals to impact, leads interest […]