More Data Breach Enforcement Plus Changing Breach Laws Make for a Hot Summer

by Mahmood Sher-jan

Firefighters across the nation are facing unprecedented temperatures while responding to out-of-control fires that are endangering lives and destroying properties. Summer is also heating up for those of us in the security, privacy and compliance arenas.


Financial Institutions Win the Data Breach Game with RADAR 4.0

by Mahmood Sher-jan

The great football coach Vince Lombardi said, “You don’t do things right once in a while…you do them right all the time.”

RADAR is an enterprise software solution for managing security and privacy incident response; it provides data breach guidance and an operational workflow to simplify compliance and reduce the risk of future breaches.


Snail-Slow Security Implementation Despite Reports of Increased Risks

by Mahmood Sher-jan

If you knew thieves would break into your house, you would take immediate steps to secure it, right? That’s not the case for organizations that face security risks, according to the Ponemon Institute’s recent report, The State of Data Centric Security, which was recently covered in an SC Magazine article.


Florida Repeals Old Law & Passes New Data Breach Law

by Mahmood Sher-jan

States typically amend their breach notification laws, but Florida repealed its law and passed a more comprehensive one. With the newly signed Florida Information Protection Act of 2014, which will take effect on July 1, 2014, Florida joins the ranks of states that require businesses to safeguard individuals’ health information by extending its definition of personal information (PI) to any information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional; a health insurance policy number or subscriber identification number; and any unique identifier used by a health insurer to identify the individual.


Patient Data Security in the Face of Advanced Persistent Threats!

by Mahmood Sher-jan

Patient Privacy Network’s 2nd annual conference, held in Anaheim, California on April 10, 2014, was a great opportunity for experts and healthcare industry participants to share perspectives and to learn more about the latest security challenges facing the healthcare industry. Participants included healthcare Chief Information Security Officers (CISOs), a California AG Office representative, legal experts, the Internet Security Alliance (ISA), and healthcare providers and payers.


In The Data Breach Regulatory Derby – Kentucky Loses Out to Iowa

by Mahmood Sher-jan

On the first Saturday of May the nation turned its attention to the Bluegrass State to see California Chrome race to victory at the 140th Kentucky Derby. Now that the spectacle has come and gone, we’re boxing up our hats but still keeping our eye on Kentucky to see how it fares in another kind of derby. Earlier this spring Kentucky entered the “data breach regulatory derby,” becoming the 47th state to enact a data breach notification law. If we were to handicap the race, this latest derby entrant is going to lose to Iowa’s recently amended breach law, SB 2252. Next to Iowa’s new law, Kentucky is looking a bit coltish, if you will. Here’s why:


Privacy Warriors Must Operationalize to Keep Compliance Up, Data Breaches Down

by Mahmood Sher-jan

Privacy warriors constantly battle to keep pace and comply with complex and ever-changing regulations designed to address rapidly evolving business practices, technologies, and privacy threats. In 2014 alone, at least 19 states have introduced bills that could amend or impact breach laws. Unfortunately, these warriors are learning that the gap between what they must do and what they are doing keeps growing unless their organizations implement the processes and tools designed to simplify the monitoring and management of these complex breach laws.


CISOs know the importance of operationalizing data incident response

by Mahmood Sher-jan

I was invited to speak about data governance in Boston and Washington DC last week along with multiple groups of security and compliance executives. Coincidentally, the Boston session was on January 28th, which is designated as Data Privacy Day. These sessions were part of data governance roundtable discussions organized by the CISO Executive Network. The scope of discussions ranged from organizational culture to data proliferation to emerging technologies addressing data classification, behavioral threat intelligence, and incident response management.


Why Aren’t Health Insurance Exchanges (HIX) Bound By HIPAA Rules?

by Mahmood Sher-jan

Yes, it is understandable that a HIX would not meet HIPAA’s definition of a covered entity (CE), and therefore the HIPAA Privacy Rule would not generally apply. But I wonder why these exchanges were not designated as Business Associates (BAs) under HIPAA, since they all provide a clear service (data analysis and eligibility) to participating health plans, and these plans are all covered entities under HIPAA.


Why the Healthcare CISO can’t be a Dr. No

by Mahmood Sher-jan

Well, the obvious answer is that acting as Dr. No can impede innovation and the delivery of business value, not to mention its career-limiting effects. If you are associated with the healthcare industry, you are witnessing the biggest transformation any industry has gone through. Whether you are a CISO at a provider, a payer, or a healthcare Business Associate (BA), there’s little resembling business as usual. So much is changing so fast that the goal posts for meeting your security and privacy obligations and keeping your patients’ and members’ data secure seem farther away than ever before. You are expected to be an enabler of sharing ever-larger amounts of sensitive patient and member data with authorized entities, not a blocker.
