risk assessment

Subscribe to risk assessment via RSS

The $50,000 in penalties that the Office for Civil Rights (OCR) recently imposed on a health care provider in Idaho was due in part to allegations that the HIPAA covered entity had not conducted a risk assessment as required under the HIPAA privacy and security regulations. Of course, HIPAA is not the only law that requires a risk

Today the White House issued a Cybersecurity Legislative Proposal. The proposed legislation focuses on protecting the American people, the nation’s critical infrastructure, and the federal government’s computers and networks.  While legislation of this nature would simplify the breach reporting process for businesses, and overall streamline cybersecurity laws, a number of legislative attempts to do this have previously

The National Association of Secretaries of State has recognized that the newest victims of identity theft are small and medium-sized businesses. These businesses need to take steps to safeguard not only personal information of customers, employees and others, but also the businesses’ corporate and financial data.
Continue Reading Small to Mid-Sized Businesses Wake Up! The National Association of Secretaries of State Warns Identity Theft Does Not Just Hurt Individuals

The most frequent question we hear from clients who want to develop or tighten their data privacy and security policies and procedures: Where do we start?

In most cases, the first step for the group charged with this task is to understand the organization’s "information risk." This means, in short, examining what information the company has