REGULATORY COMPLIANCE Archives

Pay attention to Security Risk Analysis in Meaningful Use Attestation

May 31, 2013 | REGULATORY COMPLIANCE

As is well known, Centers for Medicare & Medicaid Services (CMS) has been conducting pre and post payment audits of healthcare provider organizations attesting to Meaningful Use (MU). Our experience …

Do we have a wake-up call in the OIG HHS Report on HIPAA Security Rule Compliance & Enforcement?

May 23, 2011 | ACCESS GOVERNANCE, DATA BREACHES, HIPAA/HITECH COMPLIANCE, REGULATORY COMPLIANCE

If you didn’t notice already, the Office of Inspector General (OIG) in the Department of Health and Human Services (HHS) published a report on the oversight by the Center for …

Providers Is HIPAA Security Risk Analysis in your plan over the next few months?

Sep 22, 2010 | HIPAA/HITECH COMPLIANCE, REGULATORY COMPLIANCE, RISK ASSESSMENT, SECURITY

Security Risk Analysis is something that we recommend all organizations conduct periodically or before a significant process or technology change. After all, threats, vulnerabilities and impact (three components of risk, …

You don’t know what you don’t know Do we have a “detection” problem with the healthcare data breach numbers?

Aug 25, 2010 | DATA BREACHES, HIPAA/HITECH COMPLIANCE, INFORMATION RISK, PRIVACY, REGULATORY COMPLIANCE, SECURITY

Like some of you perhaps, I have been reading a few recent articles on Healthcare data breaches, especially the one from Dark Reading and a detailed analysis of the 2010-to-date …

May we suggest some priority adjustments to your PCI DSS Compliance program?

Aug 12, 2010 | INFORMATION RISK, PCIDSS, REGULATORY COMPLIANCE, SECURITY

It isn’t any news that achieving PCI DSS Compliance continues to be onerous for many merchants out there. PCI DSS is after all an all-or-nothing regulation meaning that not …

Verizon 2010 Data Breach Investigations Report Key takeaways for Security Assessors and Auditors

Aug 3, 2010 | INFORMATION RISK, PCIDSS, RISK ASSESSMENT, SECURITY

The Verizon 2010 Data Breach Investigations Report (DBIR) released last week has some interesting findings, just as it did last year. What makes it special this year is that Verizon …

Proposed updates to HIPAA Security and Privacy Rules What is new?

Jul 16, 2010 | HIPAA/HITECH COMPLIANCE, INFORMATION RISK, PRIVACY, REGULATORY COMPLIANCE, SECURITY

It was good to see the Office of Civil Rights (OCR) publish the long awaited proposed updates to HIPAA Security and Privacy Rules Thursday last week. Note that OCR is …

Logging for Effective SIEM and PCI DSS Compliance …. UNIX, Network Devices and Databases

Jun 1, 2010 | HIPAA/HITECH COMPLIANCE, PCIDSS, REGULATORY COMPLIANCE, SECURITY, SIEM

In one of my previous blogs, I covered the importance of logging the “right” events for an effective Log Management or Security Information and Event Management (SIEM) deployment … see …

FTC delays enforcement of Identity Theft Red Flags Rule to 12/31/10

May 28, 2010 | FTC IDENTITY THEFT RED FLAGS RULE, PRIVACY, REGULATORY COMPLIANCE

FTC announced earlier this morning that it is delaying enforcement of the Red Flags Rule to 12/31/10 pending expected legislation by Congress that would affect the scope of entities covered …

REGULATORY COMPLIANCE

Pay attention to Security Risk Analysis in Meaningful Use Attestation

Do we have a wake-up call in the OIG HHS Report on HIPAA Security Rule Compliance & Enforcement?

Providers Is HIPAA Security Risk Analysis in your plan over the next few months?

You don’t know what you don’t know Do we have a “detection” problem with the healthcare data breach numbers?

May we suggest some priority adjustments to your PCI DSS Compliance program?

Verizon 2010 Data Breach Investigations Report Key takeaways for Security Assessors and Auditors

Proposed updates to HIPAA Security and Privacy Rules What is new?

Logging for Effective SIEM and PCI DSS Compliance …. UNIX, Network Devices and Databases

FTC delays enforcement of Identity Theft Red Flags Rule to 12/31/10

Reach out to us

Office

Call Us