Written Information Security Program

Subscribe to Written Information Security Program via RSS

Reuters and other news outlets are reporting that Representative Mary Bono Mack has circulated draft legislation in response to the steady stream of data breaches that have occurred this year. According to the report, Senate Majority leader Harry Reid also has asked four Senate committees to pull together a comprehensive cybersecurity bill, hoping it will be

Government report says HIPAA enforcement not sufficient to protect electronic health information and recommends more audits. The result may be more “compliance reviews,” audits, for covered entities and business associates.
Continue Reading HHS’ Office of Inspector General Recommends More HIPAA Audits

NBC’s Bob Sullivan reported on a rising trend of identity thieves targeting children. Why? Well, having no real credit history, most children’s credit is clean and good. Also, children, particularly younger children, are not going to be needing or looking at their credit for some time. These factors make children more attractive targets of identity theft.

Mr.

Any illusion an organization may hold that it is operating “under the radar” of regulators should be shattered in the current compliance environment. Governmental agencies are increasingly able to efficiently coordinate with one another in matters of enforcement, and this post is a good example of that.
Continue Reading Inter-agency Cooperation Nabs HIPAA Violator for HHS

Promising a company that you will safeguard its employees’ information and then failing to do it according to Federal Trade Commission (FTC) standards likely will be viewed by the FTC as an unfair and deceptive business practice and trigger an enforcement action.

This was the case for Lookout Services, Inc., a company that maintains large amounts of

The National Association of Secretaries of State has recognized that the newest victims of identity theft are small and medium-sized businesses. These businesses need to take steps to safeguard not only personal information of customers, employees and others, but also the businesses’ corporate and financial data.
Continue Reading Small to Mid-Sized Businesses Wake Up! The National Association of Secretaries of State Warns Identity Theft Does Not Just Hurt Individuals

CDPH’s data privacy enforcement activity continues, this time affecting 6 hospitals and a nursing home with total penalties approaching $800,000.
Continue Reading California Department of Public Health Continues to Fine Hospitals and Nursing Homes for Data Breaches

We’ve written extensively here on the importance of safeguarding personal information. We’ve also made clear that the safeguarding of data should not stop with individually identifiable personal information. In fact, many times a company’s most sensitive information, data critical to the survival of its business, is its corporate trade secrets, proprietary information, and its clients’

As reported by the American Bar Association and PHIprivacy.net, lawyers, accountants, health care providers and others soon may get some clarity as to whether the "red flag" rules apply to them. The United States Senate voted unanimously to pass the Red Flag Program Clarification Act of 2010. Under the Act, according to statements from Sen.