Tueoris Blog – Our Thoughts On Information Security and Privacy

The California Consumer Privacy Act (“CCPA”) becomes effective in less than a year.  That means that for businesses in highly ...
Read More

The California Consumer Privacy Act of 2018 (CCPA) is shaping up to be the most significant consumer privacy law passed in ...
Read More

By Dan Goldstein, Co-Founder and Partner, Tueoris, LLC. Introduction If you’re a privacy professional that spent a good chunk of ...
Read More

The California Consumer Privacy Act (“CCPA”) becomes effective in less than a year and businesses – especially those in highly ...
Read More

By Mayra Cavazos, Senior Consultant, Tueoris, LLC Responding in an appropriate and adequate manner to data subject access requests from ...
Read More

By Tamara Lev, Consultant, Tueoris, LLC. Introduction In today’s data-driven environment, businesses around the world consume vast amounts of personal ...
Read More

GDPR compliance continues to pose challenges across a wide swath of businesses and business functions that rely on the processing ...
Read More

Welcome to the introductory post in our “Meaningful Outcomes” series on Identity Governance and Administration (IGA). If you are here ...
Read More

By Mayra Cavazos, Senior Consultant, Tueoris, LLC Introduction The European Union (EU) General Data Protection Regulation (GDPR) has impacted businesses ...
Read More

By Shawna Doran, Senior Manager, Tueoris, LLC and Dan Goldstein, Partner, Tueoris LLC In the run-up to May 25, 2018, ...
Read More

Introduction Pharmaceutical and biotech companies sponsoring clinical research have traditionally relied on patient consent as the legal basis for processing ...
Read More

If you are like most medium or large healthcare providers these days, your Electronic Health Record (EHR) environment is likely ...
Read More

The OPM breach has been deservedly in the news for over a month now.   Much has been written and ...
Read More

Since I follow the teleheath space rather closely from a security/privacy perspective, I was drawn yesterday to this article titled ...
Read More

It has been just over a week since the #AnthemHack was made public. Over this period, the main stream media and ...
Read More

HealthcareITNews reported yesterday on this letter that was written by several physician organizations to the ONC. I wanted to write ...
Read More

It is no secret that Identity and Access Management (IAM) continues to be a challenge for many organizations. As a ...
Read More

Like many other Health IT initiatives today, the primary driver for patient portals is regulatory in nature. Specifically, it is ...
Read More

This is a detailed follow-up to the quick post I wrote the Friday before the Labor Day weekend,  based on my read ...
Read More

In most cases, better security posture is all about getting a few basics right. And this recent incident related to ...
Read More

Hello PCI SSC, You had me on board until I saw this statement in your guidance1 released yesterday. “However, using ...
Read More

Almost all Payment Card Industry (PCI) breaches over the past year, including the most recent one at Supervalu appear to have ...
Read More

By now, it should be clear that we need to consider strong (multi factor) authentication for access to anything of value ...
Read More

What could be possibly wrong with “Best Practices” or “Leading Practices” that your favorite security consultant might be talking about? Or ...
Read More

I am sure some of you saw this news report about HHS OIG finding some security related deficiencies in the ...
Read More

It is probably safe to say that we security professionals hear the phrase in the title of this post rather ...
Read More

I came across this Akamai Security Blog post recently which I thought was a useful and informative read overall. As ...
Read More

I think it makes sense for the HIPAA Security Rule (even in its latest form from the Omnibus update)  not ...
Read More

Risk Assessment is a foundational requirement for an effective security or privacy program and it needs to be the basis ...
Read More

As is well known, Centers for Medicare & Medicaid Services (CMS) has been conducting pre and post payment audits of ...
Read More

Notice the title doesn’t say HIPAA Security and Privacy. Nor does it have any of the words – HITECH, Omnibus Rule, Meaningful ...
Read More

I happened to read this article from Information Week Healthcare and was especially interested by this quote reproduced below… “CHIME ...
Read More

Here is something to think about as a security/privacy consultant or consulting team, big or small … When you work ...
Read More

I couldn’t help write this post when I noticed this press release based on an IDC Insights Survey of Oil ...
Read More

If you didn’t notice already, the Office of Inspector General  (OIG) in the Department of Health and Human Services (HHS) ...
Read More

I was prompted to write this quick post this morning when I read this article. I think it is a ...
Read More

Security Risk Analysis is something that we recommend all organizations conduct periodically or before a  significant process or technology change ...
Read More

If you have been following some of our posts, you probably realize that we don’t advocate security for the sake ...
Read More

Like some of you perhaps, I have been reading a few recent articles on Healthcare data breaches, especially the one ...
Read More

It isn’t any news that achieving PCI DSS Compliance continues to be onerous for many merchants out there. PCI DSS ...
Read More

The Verizon 2010 Data Breach Investigations Report (DBIR) released last week has some interesting findings, just as it did last ...
Read More

It was good to see the Office of Civil Rights (OCR) publish the long awaited proposed updates to HIPAA Security ...
Read More

In one of my previous blogs, I covered the importance of logging the “right” events for an effective Log Management ...
Read More

FTC announced earlier this morning that it is delaying enforcement of the Red Flags Rule to 12/31/10 pending expected legislation ...
Read More

I recently received a tweet titled “PCI DSS Compliance – Quick and Dirty”. I think it is safe to say ...
Read More

Frankly, I have lost count of how many times FTC has moved the deadline already (see my related post from ...
Read More

PCI SSC has just released new details regarding the training schedule for the ISA program. The program is obviously PCI ...
Read More

PCI DSS has had specific requirements for logging and review of those logs for sometime now. The logging requirements (under ...
Read More

PCI SSC released another update yesterday related to digital audio recordings. The update provides further clarification (to the update on ...
Read More

What am I doing here blogging on Effective Data Management? In the interest of full disclosure, I’m an Information Risk ...
Read More

How often do we care to read the privacy statements we receive from any number of sources these days? I ...
Read More