The ECRI Institute recently published an excellent summary of key issues for hospitals concerning social media (registration required), a valuable read for any hospital administrator, risk manager or human resources director. ECRI reports that approximately 4,000 U.S. hospitals own social media sites and that number is sure to grow significantly. One of the reasons for this growth will likely be due in significant
Information Risk
School Kids’ Data at Risk
Note to parents and school districts – data thieves are targeting cash-strapped school distrists to steal unprotected personal information of students who happen to have pristine credit histories.
Continue Reading School Kids’ Data at Risk
Automating HIPAA Compliance Tracking and Audit Preparation
HIPAA covered entities and business associates need to consider how to practically and efficiently track and illustrate compliance should they find an OCR investigator knocking at the door.
Continue Reading Automating HIPAA Compliance Tracking and Audit Preparation
OCR Announces HIPAA Audit Program
Today, the Office for Civil Rights formally announced its HIPAA audit plan, with audits commencing in November 2011. A new page on OCR’s website answers some helpful questions for covered entities and business associates, which are summarized in this report.
Continue Reading OCR Announces HIPAA Audit Program
Update: Ninth Circuit to Rehear CFAA Case
As previously discussed, the federal appeals court in San Francisco had reinstated an indictment charging a former employee of Korn/Ferry International, Inc., with violations of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030 (the “CFAA”) for trying to start a business that would compete with his former employer. Now, however, at…
SEC Guidance Related to Reporting Cyber Risks and Incidents
By Joseph J. Lazzarotti on
Posted in Information Risk
SEC issues guidance clarifying reporting obligations for public companies relating to cybersecurity and cyber incidents.
Continue Reading SEC Guidance Related to Reporting Cyber Risks and Incidents
Federal Contractors Required to Conduct Privacy Training Under Proposed Regulations
By Joseph J. Lazzarotti on
Posted in Information Risk
A proposed regulation would require federal contractors to conduct privacy training on at least 7 key areas before being given access to government records or handling personally identifiable information. Failing to provide the training potentially would put a halt to the contractor’s government work.
Continue Reading Federal Contractors Required to Conduct Privacy Training Under Proposed Regulations
HIPAA Audits to Begin Early 2012
Approximately 150 HIPAA on-site audits are scheduled to begin in early 2012. Covered entities and business associates should be aware of the nature and scope of these audits and what they should be doing to be prepare should they be selected.
Continue Reading HIPAA Audits to Begin Early 2012
HHS’ Text4Health Task Force Makes Health Texting Recommmendations
By Joseph J. Lazzarotti on
Text4Health Task Force Makes Health Texting Recommendations to HHS…
Continue Reading HHS’ Text4Health Task Force Makes Health Texting Recommmendations
HHS Report to Congress Shows Marked Increase in Data Breaches
The Office of Civil Rights of the U.S. Department of Health and Human Services (“HHS”) has published its first round of annual reports to Congress under the HITECH (Health Information Technology for Economic and Clinical Health) Act of 2009 to Congress. The first report concerns HHS’s HIPAA (Health Insurance Portability and Accountability Act of 1996)…