By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security, Regulatory Compliance

Health and Human Services (HHS) issued new regulations this week requiring healthcare providers, health plans and other entities covered by HIPAA (Health Insurance Portability and Accountability Act) to notify patients if their electronic health information has been breached. The regulations were developed by HHS Office of Civil Rights (OCR) and require healthcare providers and other HIPAA covered entities to promptly notify people, the HHS and the media in breaches that affect more than 500 people. Earlier this week, HHS announced that they delegated the authority for the administration and enforcement of the HIPAA Security Rule to the Office for Civil Rights (OCR). Any lessons learnedRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security, Regulatory Compliance

In case you missed it, the Department of Health and Human Services (HHS) has delegated the authority for the administration and enforcement of HIPAA Security Rule to the Office for Civil Rights (OCR).  In the article Secretary Sebelius commented: “Security and privacy of health information are increasingly intersecting as the department works with the health industry to adopt electronic health records and participate in an even greater level of electronic exchange of health information. Privacy and security are naturally intertwined, because they both address protected health information. Combining the enforcement authority in one agency within HHS will facilitate improvements by eliminating duplication and increasing efficiency.”Read More →

By:
On:
In: *Connecting the Dots Blog*, Information Security, Regulatory Compliance

Lessons Learned Review…Keeping You Out of the Headlines and out of this blog… Please take a moment to consider how these Lessons Learned could be implemented by managers within your organization to avoid expensive and embarrassing situations… Research Finds PCI DSS Awareness High Among Small Retailers, Lack of Understanding Remains Huge Hurdle A recent survey revealed that although most small retailers feel somewhat familiar with PCI-DSS and also understand the importance of security, most small retailers express frustration with understanding, implementing and paying for compliance.  Has your organization met compliance requirements?  Is your data secure? Schools are Given New Flu Guidelines The federal government releasedRead More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Information Security, Legal, Regulatory Compliance, School Safety

Every manager I talk to has a long To Do List and they all say the list is getting longer. Then I ask them a question about their GOT TO DO LIST?  Their responses usually include groans, moans and terribly painful looks on their faces. As I talk to more and more managers and review more and more headlines in the news, it is obvious to me that managers’ GOT TO DO LISTS are becoming more painful by the day. Why are GOT TO DO LISTS getting more painful?  Look at these articles which include lessons learned as well as future challenges: Heartland CEO onRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security

A title to an article in SmartMoney caught my attention because it read “Dingbat Data Leaks”. I think it caught my attention because over the last 27+ years or so, I have worked with my share of IT and IS department managers, as well spending many years working with end-users and I am not sure I understand who the author is referring to as the “dingbats”? The author mentions absurd incidents and common blunder incidents….so: Are the people that throw away sensitive records in the trash the dingbats?   Are the people that lose flash drives and laptops the dingbats? Is the gas station attendant whoRead More →

By:
On:
In: *Connecting the Dots Blog*, Emergency Management, Incident Reporting, Information Privacy, Information Security, Legal, Regulatory Compliance, Workplace Violence

Lessons Learned Review…Keeping You Out of the Headlines and out of this blog… Please take a moment to consider how these Lessons Learned could be implemented by managers within your organization to avoid expensive and embarrassing situations… DDoS Attacks On Twitter, Facebook Result Of Massive Attack On One Person A pro-Georgian blogger called “Cyxymu” was apparently the intended target of the massive DDoS attack that knocked down Twitter and caused major slowdowns on Facebook and LiveJournal.  A botnet blasted waves of traffic at the blogger’s accounts on the sites simultaneously. File Sharing Banned on Government Networks  Rep. Edolphus Towns introduced a bill to ban file-sharingRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Legal

Will Rep. Edolphus Towns (D-NY) introduce a bill to ban e-mail and phone software next? I was reading an article in the Washington Post that reported that online data-sharing technology has led to the disclosure of sensitive government and personal information.  According to the article some of the sensitive information included: FBI surveillance photos of a Mafia hit man Lists of people with HIV and social security numbers Motorcade routes and safe-house locations for then-first lady Laura Bush Names of people in government’s witness protection program Records with full psychological assessments of patients   In response to the news, the chairman of the House OversightRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security, Regulatory Compliance

Another data breach involving more than 500,000 records and Network Solutions is yet another organization that claims they were PCI compliant.  How can this be happening?  How does an organization know if they are PCI compliant with all 12 sections of PCI Security Standards which include hundreds of processes, roles and responsibilities that people must be following and implementing on a daily basis? Maybe what PCI really needs is a new focus and a new three letter acronym to go with all their other three letter acronyms.  If you visit the PCI Security Standards web site, you will find a whole bunch of three letterRead More →

By:
On:
In: *Connecting the Dots Blog*, Emergency Management, Incident Reporting, Information Privacy, Information Security, School Safety

Keeping You Out of the Headlines and out of this blog… Please take a moment to consider how these Lessons Learned could be implemented by managers within your organization to avoid expensive and embarrassing situations… Secret Service Information Revealed in P2P Data Leak On July 29th, it was revealed that files including information about a Secret Service safe house for the President’s family, details regarding the Pentagon’s network infrastructure, and specific details about every nuclear facility in the US were found on the LimWire file-sharing network.  As a result, a bill has been introduced that would ban P2P sharing on all government computers and networks. Read More →

By:
On:
In: *Connecting the Dots Blog*

Not sure if most people saw the article in USA Today, but health officials from the Center for Disease Control and Prevention made a disturbing new projection that up to 40% of Americans could get H1N1 (swine flu) this year and next….and several hundred thousand could die if a successful vaccine campaign is not ready. These projections for the US are nearly twice the number of people that catch the flu bug in a normal season.  Is your organization prepared?  Has your organization performed assessments to determine what could happen and what would need to happen if up to 40% of its staff was sickRead More →