Risk Assessment is a foundational requirement for an effective security or privacy program and it needs to be the basis for every investment decision in information security or privacy. To …
HIPAA
Can we change the tune on Health Information Security and Privacy please?
Notice the title doesn’t say HIPAA Security and Privacy. Nor does it have any of the words – HITECH, Omnibus Rule, Meaningful Use etc. That is the point of this post. Let …
Pay attention to Security Risk Analysis in Meaningful Use Attestation
As is well known, Centers for Medicare & Medicaid Services (CMS) has been conducting pre and post payment audits of healthcare provider organizations attesting to Meaningful Use (MU). Our experience …
CHIME On MU Audits… Looking For Thoughts/Feedback
I happened to read this article from Information Week Healthcare and was especially interested by this quote reproduced below… “CHIME also raised the issue of excessive auditing of providers in …
Do we have a wake-up call in the OIG HHS Report on HIPAA Security Rule Compliance & Enforcement?
If you didn’t notice already, the Office of Inspector General (OIG) in the Department of Health and Human Services (HHS) published a report on the oversight by the Center for …
Providers Is HIPAA Security Risk Analysis in your plan over the next few months?
Security Risk Analysis is something that we recommend all organizations conduct periodically or before a significant process or technology change. After all, threats, vulnerabilities and impact (three components of risk, …
You don’t know what you don’t know Do we have a “detection” problem with the healthcare data breach numbers?
Like some of you perhaps, I have been reading a few recent articles on Healthcare data breaches, especially the one from Dark Reading and a detailed analysis of the 2010-to-date …
Proposed updates to HIPAA Security and Privacy Rules What is new?
It was good to see the Office of Civil Rights (OCR) publish the long awaited proposed updates to HIPAA Security and Privacy Rules Thursday last week. Note that OCR is …
Logging for Effective SIEM and PCI DSS Compliance …. UNIX, Network Devices and Databases
In one of my previous blogs, I covered the importance of logging the “right” events for an effective Log Management or Security Information and Event Management (SIEM) deployment … see …