You don’t know what you don’t know – Do we have a "detection" problem with...
Like some of you perhaps, I have been reading a few recent articles on Healthcare data breaches, especially the one from Dark Reading and a detailed analysis of the 2010-to-date breaches from HITRUST...
View ArticleLet’s talk some “real” insider threat numbers – How can Access Governance and...
If you have been following some of our posts, you probably realize that we don’t advocate security for the sake of security. Nor do we like to do compliance for the sake of compliance though you may...
View ArticleClik here to view.
Providers – Is HIPAA Security Risk Analysis in your plan over the next few...
Security Risk Analysis is something that we recommend all organizations conduct periodically or before a significant process or technology change. After all, threats, vulnerabilities and impact (three...
View ArticleNext time you do a Risk Assessment or Analysis, make sure you have Risk...
I was prompted to write this quick post this morning when I read this article. I think it is a good example of what some (actually many, in my experience) risk management programs may be lacking, which...
View ArticleClik here to view.
Do we have a wake-up call in the OIG HHS Report on HIPAA Security Rule...
If you didn’t notice already, the Office of Inspector General (OIG) in the Department of Health and Human Services (HHS) published a report on the oversight by the Center for Medicare and Medicaid...
View ArticleCompliance obligations need not stand in the way of better information...
I couldn’t help write this post when I noticed this press release based on an IDC Insights Survey of Oil & Gas Companies. I don’t have access to the full report so I am basing my comments solely on...
View ArticleFocus On What Really Matters – Outcomes and Results
Here is something to think about as a security/privacy consultant or consulting team, big or small … When you work on client consulting engagements, what are you really focused on? Is it just your...
View ArticleCan we change the tune on Health Information Security and Privacy please?
Notice the title doesn’t say HIPAA Security and Privacy. Nor does it have any of the words – HITECH, Omnibus Rule, Meaningful Use etc. That is the point of this post. Let us start with a question… I...
View ArticleTop 10 Pitfalls – Security or Privacy Risk Assessments
Risk Assessment is a foundational requirement for an effective security or privacy program and it needs to be the basis for every investment decision in information security or privacy. To that extent,...
View ArticleA Second Look At Our Risk Assessments?
I came across this Akamai Security Blog post recently which I thought was a useful and informative read overall. As I read through the blog post however, something caught my attention. It is the phrase...
View Article
