Blog
A Second Look At Our Risk Assessments?
I came across this Akamai Security Blog post recently which I thought was a useful and informative read overall. As I read through the blog post however, something caught my …
I like the fact that the HIPAA Security Rule is not prescriptive, except…
I think it makes sense for the HIPAA Security Rule (even in its latest form from the Omnibus update) not to be prescriptive. For one, the Rule is meant to …
Top 10 Pitfalls Security or Privacy Risk Assessments
Risk Assessment is a foundational requirement for an effective security or privacy program and it needs to be the basis for every investment decision in information security or privacy. To …
Compliance obligations need not stand in the way of better information security and risk management
I couldn’t help write this post when I noticed this press release based on an IDC Insights Survey of Oil & Gas Companies. I don’t have access to the full …
Can we change the tune on Health Information Security and Privacy please?
Notice the title doesn’t say HIPAA Security and Privacy. Nor does it have any of the words – HITECH, Omnibus Rule, Meaningful Use etc. That is the point of this post. Let …
Pay attention to Security Risk Analysis in Meaningful Use Attestation
As is well known, Centers for Medicare & Medicaid Services (CMS) has been conducting pre and post payment audits of healthcare provider organizations attesting to Meaningful Use (MU). Our experience …
CHIME On MU Audits… Looking For Thoughts/Feedback
I happened to read this article from Information Week Healthcare and was especially interested by this quote reproduced below… “CHIME also raised the issue of excessive auditing of providers in …
Focus On What Really Matters Outcomes and Results
Here is something to think about as a security/privacy consultant or consulting team, big or small … When you work on client consulting engagements, what are you really focused on? …
Do we have a wake-up call in the OIG HHS Report on HIPAA Security Rule Compliance & Enforcement?
If you didn’t notice already, the Office of Inspector General (OIG) in the Department of Health and Human Services (HHS) published a report on the oversight by the Center for …