Our web-based software tools are designed specifically to assist our clients in managing data breach risks.
RADAR helps you in risk assessment, documentation and reporting for HITECH data breach incidents.
Firefighters across the nation are facing unprecedented temperatures while responding to out-of-control fires that are endangering lives and destroying properties. Summer is also heating up for those of us in the security, privacy and compliance arenas.
The great football coach Vince Lombardi said, “You don’t do things right once in a while…you do them right all the time.”
RADAR is an enterprise software solution for managing security and privacy incident response providing data breach guidance and operational workflow (to simplify compliance and reduce risks of future breaches).
If you knew thieves would break into your house, you would take immediate steps to secure it, right? That’s not the case for organizations that face security risks, according to the Ponemon Institute’s recent report, The State of Data Centric Security, which was recently covered in an SC Magazine article.
States typically amend their breach notification laws, but Florida repealed its law and passed a more comprehensive one. With the newly signed Florida Information Protection Act of 2014, which will take effect on July 1, 2014, Florida joins the ranks of states that require businesses to safeguard individuals’ health information by extending its definition of personal information (PI) to any information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional, health insurance policy number or subscriber identification number, and any unique identifier used by a health insurer to identify the individual.
Patient Privacy Network’s 2nd annual conference, held in Anaheim, California on April 10, 2014, was a great opportunity for experts and Healthcare industry participants to share perspectives and to learn more about the latest security challenges facing the Healthcare industry. Participants included Healthcare Chief Information Security Officers (CISOs), a California AG Office representative, Legal Experts, Internet Security Alliance (ISA) and Healthcare providers and payers.
On the first Saturday of May the nation turned its attention to the Bluegrass State to see California Chrome race to victory at the 140th Kentucky Derby. Now that the spectacle has come and gone, we’re boxing up our hats but still keeping our eye on Kentucky to see how it fares in another kind of derby. Earlier this spring Kentucky entered the “data breach regulatory derby,” becoming the 47th state to enact a data breach notification law. If we were to handicap the race, this latest derby entrant is going to lose to Iowa’s recently amended breach law, SB 2252. Next to Iowa’s new law, Kentucky is looking a bit coltish, if you will. Here’s why:
Privacy warriors constantly battle to keep pace and comply with complex and ever-changing regulations designed to address rapidly evolving business practices, technologies, and privacy threats. In 2014 alone, at least 19 states have introduced bills that could amend or impact breach laws. Unfortunately, these warriors are learning that the gap between what they must do and what they are doing is growing unless their organizations implement the required processes and tools designed to simplify the monitoring and management of these complex breach laws.
I was invited to speak about data governance in Boston and Washington DC last week along with multiple groups of security and compliance executives. Coincidentally, the Boston session was on January 28th, which is designated as Data Privacy Day. These sessions were part of data governance roundtable discussions organized by the CISO Executive Network. The scope of discussions ranged from organizational culture to data proliferation to emerging technologies addressing data classification, behavioral threat intelligence, and incident response management.
Yes, it is understandable that a HIX would not meet HIPAA’s definition of a covered entity (CE) and therefore HIPAA Privacy Rule would not generally apply. But I wonder why these exchanges did not get designated as Business Associates (BA) under HIPAA since they all provide a clear service (data analysis and eligibility) to participating Health Plans and these plans are all covered entities under HIPAA?
Well, the obvious answer is that acting as Dr. No can impede innovation and delivery of business value, not to mention its career-limiting effects. If you are associated with the Healthcare industry, you are witnessing the biggest transformation any industry has gone through. Whether you are a CISO at a Provider, a Payer, or a Healthcare Business Associate (BA), there’s little resembling business as usual. So much is changing so fast that the goal posts for meeting your security & privacy obligations and keeping your patients’ and members’ data secure seem farther than ever before. You are expected to be an enabler of sharing ever-larger amounts of sensitive patient & member data with authorized entities, not a blocker.
© Copyright 2014 ID Experts
A message from our lawyers. ID Experts, the ID Experts logo, and Breach HealthCheck are registered trademarks of ID Experts. RADAR, FraudStop, YourResponse, Breach Prevent, and Breach Respond are trademarks of ID Experts. All other trademarks used within the ID Experts website are the property of their respective owners.