By:
On:
In: *Connecting the Dots Blog*, Uncategorized

  I have attended several threat management and risk management seminars this year, and it seems like many of the speakers and experts have fallen under the spell of “super-should-a-docious”. Many of the speakers and experts continue to express “You should do this” and “Your people should do that” or “You should implement best practices” and “Your people should know this/that” and on and on. And at the seminars and conferences I have been attending, I sense that attendees  are starting to get tired of the same old “should” dance and would rather hear about solutions that allow them to implement all the “shoulds”.  It’sRead More →

By:
On:
In: *Connecting the Dots Blog*, Campus Safety, School Safety

  Raymond J. McNulty, president of the International Center for Leadership in Education discusses that in order to see real change in our schools and move the needle on closing the achievement gap, school leaders need to try some things that aren’t “proven.”  Organizations need to experiment with “next practices” not best practices that have been researched and proven. Lessons Learned:  As Einstein said long ago, “Insanity is doing the same thing over and over again and expecting different results.”  Lessons learned have clearly shown that schools need to replace traditional and status quo methodologies with new and innovative tools to help improve student achievement,Read More →

By:
On:
In: *Connecting the Dots Blog*, Campus Safety, Emergency Management, Incident Reporting, Legal, Regulatory Compliance, Risk Management, School Safety

  Virginia Tech was fined the maximum fine allowed under the Clery Act of $55,000 for waiting almost two hours before warning students, faculty and staff of an active shooter on campus. Lessons Learned: Colleges and Universities must develop, implement and follow clearly defined policies and procedures for notifying students and staff in emergency situations.  School Administrators may want to create customizable, organizational and situational specific templates prior to an incident so the warning messages are already defined and the appropriate processes are understood by all appropriate personnel.   Organizations must also have customized emergency and crisis management plans and ensure all individuals (students, faculty, staff,Read More →

By:
On:
In: *Connecting the Dots Blog*, Campus Safety, Emergency Management, Incident Reporting, Legal, Regulatory Compliance, Risk Management, School Safety

  The U.S. Department of Education released the Handbook for Campus Safety and Security Reporting providing step-by-step procedures, examples, and references for higher education institutions to follow in meeting campus safety and security requirements. Lessons Learned:  College and University administrators are overwhelmed with responsibilities for HEOA, FERPA, HIPAA, Clery Act, OCR ‘Dear Colleague’ Letters, and much more and therefore guidance from the Federal Government can be helpful.  It is critical for School Administrators to utilize resources and develop comprehensive campus safety programs and create a culture of compliance and preparedness that is ongoing.  Traditional methodologies are clearly not working based on new handbooks, new regulationsRead More →

By:
On:
In: *Connecting the Dots Blog*, Campus Safety, Risk Management, School Safety

  Lawsuits targeting school districts for allowing students to be bullied by other students are escalating. Lessons Learned: With new guidelines outlined in an OCR “Dear Colleague” Letter and an increase in bullying, harassment, discrimination and school violence, schools need to be aware of the potential risk of lawsuits.  School leaders must ensure all individuals (staff, faculty, parents, students, counselors, etc.) understand their roles and responsibilities for preventing and responding to bullying and how to report incidents of bullying.  Schools must implement comprehensive and ongoing protocols for responding to ALL incidents of bullying and cyber bullying with legal-ready documentation to avoid “deliberate indifference” claims andRead More →

By:
On:
In: *Connecting the Dots Blog*, Campus Safety, Education, Emergency Management, School Safety

The Brazilian whose shooting spree left 12 school children dead was a loner who spent his days surfing the Web, and had been victim of schoolyard bullying and taunts.  His classmates and former teachers said he was routinely bullied at school, rejected and taunted by girls in class, and forced to endure “constant humiliation”. Lessons Learned:  There are several lessons learned from this tragedy.  Number One: Bullying can have a devastating effect on a child and can lead to severe violence.   Number Two: Multiple red flags were given prior to this attack: recent clothing changes, change in mental state, researching weapons online, withdrawing from society,Read More →

By:
On:
In: *Connecting the Dots Blog*, Legal, School Safety

  Lawsuits targeting school districts for allowing students to be bullied by other students are escalating. Lessons Learned: With new guidelines outlined in an OCR “Dear Colleague” Letter and an increase in bullying, harassment, discrimination and school violence, schools need to be aware of the potential risk of lawsuits.  School leaders must ensure all individuals (staff, faculty, parents, students, counselors, etc.) understand their roles and responsibilities for preventing and responding to bullying and how to report incidents of bullying.  Schools must implement comprehensive and ongoing protocols for responding to ALL incidents of bullying and cyber bullying with legal-ready documentation to avoid “deliberate indifference” claims andRead More →

By:
On:
In: *Connecting the Dots Blog*, Health Care, Regulatory Compliance

  A recent survey revealed that HIPAA is the most challenging regulation to businesses today. Lessons Learned: Regulatory requirements are updated regularly…Hackers, risks, threats, etc. are constantly changing. Staying up-to-date and within compliance is challenging, but critical.  Organizations must ensure all employees (and third-parties) understand their responsibilities to protect sensitive information.Read More →

By:
On:
In: *Connecting the Dots Blog*, Health Care, Information Privacy, Information Security, Regulatory Compliance

  OCR is offering HIPAA Enforcement Training to help State Attorneys General enforce the HIPAA Privacy and Security Rules and file federal civil lawsuits for HIPAA violations. Lessons Learned:  HHS and OCR are serious about Privacy and Security in Health Care.   Policies and procedures play a critical role in an organization’s culture of privacy and security and need to be updated as requirements, risks, regulations, etc. change.  Health care organizations will need to conduct internal audits and assessments rather than waiting for the OCR or AGs to arrive.  All employees and business associates must understand how to safely handle patient information and maintain a cultureRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security, Regulatory Compliance

  Health Net exposed as many as 1.9 million customer records in a breach after its IT vendor misplaced nine server drives.  This is the second breach in two years for Health Net when a portable hard drive containing medical and financial information on 1.5 million customers disappeared from a facility in Connecticut. Lessons Learned:  Technology is not the problem..People are the weak link and the solution.   Devices are often lost and misplaced due to People not being aware of or not being accountable for the policies and procedures that have been put in place by the organizational responsible for protecting customer information.  Organizations mustRead More →