How “Near Misses” Can Inform your Security Strategy and Reduce Data Breach Risk

by Doug Pollack

Organizations across industries are facing increased public attention and regulatory scrutiny in light of high-profile data breach incidents. While the Targets of the world get more publicity than they’d ever hoped for, what lies beneath all of this is that for every one very public Target security incident, there are hundreds, if not thousands, of security incidents involving regulated data (specifically personal information) that are “near misses”: the ones that happened but, due to good fortune or effective efforts, did not result in an incident that is categorized as a “data breach”, which then requires a public disclosure for all to see.

Healthcare Organizations Prepare for Upcoming OCR HIPAA Audit Season

by ID Experts

Healthcare organizations and business associates may soon be hearing from the Health and Human Resources (HHS) Office for Civil Rights (OCR), as the agency prepares to conduct a new phase of audits. Scheduled to begin in the fall, OCR Audits Phase 2 will be conducted by the OCR itself and will focus on high-risk areas and enforcement.

Singing the Blues

by Christine Arevalo

The 2014 Blue National Summit is the premier BCBSA conference of the year, assembling Blue Cross Blue Shield professionals from across the multi-faceted network to share best practices, gather insights and information, as well as speak to current trends. This conference is the only all-Blue event that brings together professionals from all 37 Blue Plans from virtually every discipline.

Is It Really That Bad?

by Heather Noonan

Is a data breach really that bad? Well, yes and no. It’s terrible that a breach occurred, but how you respond is what counts.  It’s just like any problem. Your solution and response can turn everything around or your lack of response can create a bigger mess down the road, causing you to rethink your initial response. We have all seen it. (As consumers, we ask, why didn’t you just tell us what happened? Be honest.)

ID Experts Announces Issuance of U.S. Patent for RADAR

by ID Experts

On April 22, 2014, the U.S. Patent and Trademark Office granted ID Experts U.S. Patent No. 8,707,445: Systems and Methods for Managing Data Incidents for our industry-leading incident management software, RADAR. The patent covers systems and methods for managing a data incident including data breach data that comprises information corresponding to a suspected data breach incident.

A Year of Rampant Tax Fraud

by Doug Pollack

There must be something in the water this year. There has been an epidemic of tax fraud that has affected employees of several healthcare organizations. And it now seems like cyber security experts are getting to the root cause of how this was done.

Patient Data Security in the Face of Advance Persistent Threats!

by Mahmood Sher-jan

Patient Privacy Network’s 2nd annual conference, held in Anaheim, California, on April 10, 2014, was a great opportunity for experts and Healthcare industry participants to share perspectives and to learn more about the latest security challenges facing the Healthcare industry. Participants included Healthcare Chief Information Security Officers (CISOs), a California AG Office representative, Legal Experts, Internet Security Alliance (ISA) and Healthcare providers and payers.

In The Data Breach Regulatory Derby – Kentucky Loses Out to Iowa

by Mahmood Sher-jan

On the first Saturday of May the nation turned its attention to the Bluegrass State to see California Chrome race to victory at the 140th Kentucky Derby. Now that the spectacle has come and gone, we’re boxing up our hats but still keeping our eye on Kentucky to see how it fares in another kind of derby. Earlier this spring Kentucky entered the “data breach regulatory derby,” becoming the 47th state to enact a data breach notification law.  If we were to handicap the race, this latest derby entrant is going to lose to Iowa’s recently amended breach law, SB 2252. Next to Iowa’s new law, Kentucky is looking a bit coltish, if you will.  Here’s why:

The “HIPAA-cratic” Oath: Keep Sensitive Health information Private

by Rick Kam

I was thinking back on the keynote speech that Michael Josephson, president and founder of the Josephson Institute, gave at the HCCA conference in San Diego in April.  He spoke on the role of ethics in compliance.  It prompted me to Google the Hippocratic oath that physicians and other health care professionals take to uphold their professional ethical standards.  What I found was this text taken from the original version of the Hippocratic oath written in the 12th century:

In Experian We Trust?

by Doug Pollack

The folks at Experian have been receiving a great deal of well-deserved attention recently. Just this week, the states of North Carolina and Iowa joined Connecticut and Illinois Attorneys General in investigating Experian for the alleged access to a database of records on approximately 200 million Americans with information including social security numbers, dates of birth, and email addresses, among other sensitive personal data, by an identity theft service masquerading as a private investigator. That Experian is able to sell the personal data of Americans without explicit consent seems counterintuitive, given that as a credit bureau they are in a “unique position” relative to the (regulated) manner as to how they collect such information. The fact that Experian is also frequently trusted by organizations that themselves have had a data breach to care for the affected consumers is downright perplexing.
