Is the Juice Worth the Squeeze?

HHS/OCR Commissioner Leon Rodriguez presented his views on the state of healthcare privacy, security and data breach notification at the IAPP Global Privacy Summit last week in Washington, D.C. The title of this post is based on a question put to him by a neighbor as to whether the efforts in Rulemaking and enforcement actions by OCR (the squeeze) yield the positive outcomes and benefits (the juice) that the agency is trying to bring about.

Why Not Pull the Trigger on Cyber - Privacy Liability Insurance?

Almost every business collects sensitive data. This means that almost all businesses are at risk of a privacy breach that results in unplanned expenses like forensics, legal fees, notification and monitoring costs.  Some breaches even have legal fees from class action lawsuits or regulatory actions.  For other unplanned expenses like a building fire or a heart attack, companies and individuals alike purchase insurance as a way to protect themselves and/or their assets.  For organizations with sensitive data, which is most, there is cyber/privacy liability insurance to protect them, so why don’t all organizations buy this coverage.

Top of the Charts in Cloud Risk: Data Breaches

The Cloud Security Alliance (CSA) this week, as part of the RSA 2013 Conference, released its “Notorious Nine”. This is a list of the top threats associated with cloud computing.  At the top of the charts for 2013 – data breaches. With data breaches going to the top of this list, now is probably a great time to ask yourself the question: When should I consider placing personal privacy information from my customers and others in the cloud?

Does Your Budget Cover HIPAA Privacy, Compliance, and Security?

You have an important budget approval meeting coming up with your executive management, to review the HIPAA privacy, compliance, and security initiatives in your budget this year. Are you ready?

Here are some of the questions you will need to be prepared for:

Healthcare Security - One of the Most Vulnerable Industries

“One of the most vulnerable industries in the country” is the statement used to describe healthcare in America in a recent Washington Post article.  Rather damning words and ones that give us much to worry about as our fractious medical systems crawl into the digital age.

New HIPAA Rules: Is Your Organization Ready?

As most of you are already aware at this point, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published the Final HIPAA Omnibus Rule in the Federal Register last month on January 25, 2013. So the question I think many of you should be asking is, so "what does this mean for me and my organization?"

What’s The Worst That Can Happen?

I was talking to a news reporter a few days ago about the risks of a breach of patient medical records and she asked:

"What's the worst thing that can happen???"

ID Experts RADAR 2.5: Final Rules Ready

Today we announced the availability of the latest release of our ID Experts RADAR 2.5, our HIPAA and States data breach risk assessment and incident management software.  The timing of this release also coincides with the recent publication of the HIPAA Final Breach Notification Rule as part of the HIPAA Omnibus rule.  I want to congratulate my team and our clients including hospitals, health plans and insurance carriers who have contributed significantly to this release through their participation in our Beta testing and feedback process. 

HIPAA Omnibus Final Rules: What you need to know and do

Join us for an in-depth analysis of the final rules with Adam Greene, a nationally-recognized authority on HIPAA and the HITECH Act and Partner with Davis Wright Tremaine, LLP and Mahmood Sher-Jan, Vice President of Product Management at ID Experts, including expectations of regulatory enforcement and specific recommendations for compliance. Adam and Mahmood will cover:

HIPAA Omnibus Final Rule Brings Sweeping Changes

I was asked recently by HITECH Answers to address some questions about the recently published HIPAA Omnibus Rule which addresses privacy, security and breach notification issues for HIPAA covered entities and business associates. The rules have been characterized as bringing "sweeping changes" in these areas. I think certainly that there are numerous areas within the Final Rules that will require the careful attention of all members of the healthcare ecosystem. Without a doubt, now that the Final Rules have been issued the breadth and intensity of investigations and enforcement actions by the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) are only likely to increase, exposing healthcare organizations and their business partners to greater risks. Learn more about the Rules and their implications at the upcoming webinar: HIPAA Final Rules: What you need to know and do. Speakers include Adam Greene, Partner at Davis Wright Tremaine. Previously, Adam was a regulator at the U.S. Department of Health and Human Services, where he played a fundamental role in administering and enforcing the HIPAA rules.