Back to the Future Security Basics: Security through Obscurity Still Does Not...
Last week I provided Howard Anderson at HealthInfosecurity.com with some of my thoughts about the recent Utah Department of Health breach of the files of 900,000 individuals, and counting. He included...
You Need to Actually Do What Your Policies Say!
This week I spoke with a small (~25 employees) organization (a business associate providing services to healthcare providers) that contacted me looking for help; they had purchased a whiz-bang “HIPAA...
Should You Rush to Execute a BA Agreement Today? Probably Not
The final HIPAA “mega rule” is going to be officially published on the Federal Register tomorrow, January 25, 2013. Currently the version available...
Are You Ready to Pay for the Sins of Your Contracted Entities?
Over the years when working with a wide range of organizations, helping them to identify where all forms of their business information (including customer, client, patient and employee information) is...
How Physical Harm Impacts Can Drive Huge HIPAA Penalties
Are you a covered entity (CE) or business associate (BA) as defined by HIPAA? There are literally millions of organizations in the U.S. that fall under these definitions, and possibly additional...
How Long is the Liability Tail?
Don’t tell me it depends! Well, sorry, but… I’ve been involved in several interesting discussions (some with lawyers, some with security folks, some with privacy folks, and a few of the folks wearing...
I See Business Associates…Do You See Yours?
I’m getting a lot of déjà vu vibes lately with the old-ish Bruce Willis movie with the catch phrase “I see dead people.” (Remember that?) Only my twist on this phrase for the past few years is, “I see...
I Don’t Need No Stinkin’ BA Agreement…or Do I?
Last week one of my Compliance Helper clients that is a health insurance company asked me the following question (slightly modified to protect their identity): For the past two years, we have tried to...
You Don’t Attain Your Clients’ Compliance
Someone recently commented that I write a lot of blog posts based on my work and what my clients, students and others I meet at conferences and training classes have said or done. Well, that’s because...
When is PHI Not PHI?
The deadline for complying with the Omnibus Rule is quickly approaching. Psst…it’s September 23 for most covered entities (CEs) and business associates (BAs). I’ve been tardy in getting blog posts...
If it was Intentional it is *NOT* Incidental
In the past week I got the third question in a one month time-frame about the same topic. My unwritten, loosely followed rule is that if three different organizations ask me pretty much the same...
$2.5 Million Settlement Against BA As Result of Not Understanding HIPAA...
The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced a Health Insurance Portability and Accountability Act of 1996 (HIPAA) settlement against a Business Associate...