Does HIPAA Require Forensics Investigation?

The HealthcareIT News, recently interviewed me 5 Reasons to Use Forensics, for an article about the reasons for using digital forensics as an investigation tool when an electronic incident is discovered. There's a mystery about the term computer forensics since to many non-geeks, forensics can be hard to grasp.

Using digital forensics after a data breach can save your organization $

The ID Experts Data Breach Examiner recently published an interesting article on the key benefits of performing a forensics investigation. I found several of the cost-saving benefits surprising. I have highlighted a couple of the keys points below.

Is Determining What Caused a Security Breach More Art Than Science?

The recent media reports on the Global Payments data breach point to this being more art than science. The May 4, 2012 WSJ article also reported the potential for more wide spread risk to as many as 7 million card holders versus the original 1.5 million affected.

It seems detecting and determining the number of people affected is difficult, even when significant resources and effort is being applied. Data breaches like the one Global Payments discovered typically are complex due to technical, regulatory, legal, reputational, operational, and financial risk.

Here are three suggestions for organizations that face complex data security breaches.

How Do You Prefer Your HIPAA Enforcement—Light or Jolt?

You heard it right—OCR is moving from HIPAA Light to HIPPA Jolt. A description fit for a trendy new marketing campaign—that's how David Holtzman, OCR's Health Information Privacy Specialist, described the shift in OCR's enforcement vision under the agency's new director's leadership in this week's HCCA 16th Annual Conference in Las Vegas.

Houston We Have a Problem

Yesterday at the HCCA Institute Conference, Jennifer Edlind from the University Hospitals Health System and Paula Moran from Massachusetts General, jointly presented a session on data breach response. They noted that such as was the case with NASA when facing the Apollo 13 crisis, HOW an organization responds to a data breach crisis make all the difference and turn a difficult situation into one's "finest hour".

OCR Privacy Enforcement Trends-Be Careful with your Cloud-based Applications

Presenting today at the HCCA Compliance Institute, David Holtzman from OCR is discussing trends in enforcement and regulation by his organization. He noted their recent changeover in leadership, and that the new director’s “vision is for enhanced enforcement.”

Preview: HCCA Advanced Discussion Group: Pre-Data Breach Preparation and Post-Data Breach Response

Marie Moseley, Regulatory Affairs/Privacy Officer of Vidant Health and I are really excited about our advanced discussion group meetings at the upcoming HCCA conference in Las Vegas on April 29th through May 2nd.

Our topic is pre-data breach preparation and post-data breach response. Our objective will be to engage our audience in a lively discussion and exchange of information - learning advanced tips from each other.

Some things to think about before attending our session:

Placing a Winning Bet on the HCCA’s Hot Topics in Privacy & Security Session

The HCCA 16^th annual conference is fast approaching and I am looking forward to connecting with many colleagues and associates in the field of compliance, privacy and security.  This conference gives us a unique chance to go beyond the email and social media communications and get to spend dedicated face-to-face time to share and exchange ideas and insights.  I am particularly excited about the pre-conference session P4 (Sunday 9 – Noon) where I will be joined by Meredith Phillips (CPO, Henry Ford Health System), Martin Edwards (HCLS Compliance Officer, Dell), and Chris Apgar (CEO, Apgar & Associates) to discuss Hot Topics in Privacy and Security.

FairWarning and ID Experts Team Up to Enable Streamlined Incident Management Process

Leading care providers already utilize FairWarning® privacy breach detection solutions to identify and investigate privacy incidents across all of their systems which protect protected health information, so today's announcement that ID Experts has successfully completed FairWarning® Ready Compliance Reporting Certification is exciting because it enables you to feed data associated with privacy incidents from FairWarning® seamlessly into ID Experts RADAR 2.0.

Yes, it is truly exciting! You may not think you know what I mean, but if you've posted a photo from your phone to Facebook or Shutterfly you've experienced it. The technology behind enabling workflows like centralized audit log collection, review, investigation, documentation and reporting, is liberating when you need to use it every day like privacy professionals in healthcare do today.

HCCA Compliance Institute Preview: Hot Topics in Privacy & Security

Remember the 80s (and willing to admit to it)? There was a song with a line that went: "living in the wild, wild west".

That lyric was running through my mind when I was putting together my presentation for the HCCA conference. We're living in the Wild West these days when it comes to both regulatory and technical standards.

Think about it – on the regulatory side, we've got: