Archive for the ‘PHI’ Category

Copiers give up secrets…

April 28, 2010

This interesting report by CBS News highlights the problem of not paying attention to how data leaks occur. CBS News worked with a small company that specializes in digital copier security to show how easy it was to obtain sensitive data.

By simply going to a used copier supplier and buying 4 random machines at a cost of around $300 each (without knowing who their previous owners were), they were able, within an hour, to retrieve thousands of page prints of sensitive data including: Read more…

CSO Executive Seminar Series on Data Protection and Encryption…

March 10, 2010

Just a reminder that tomorrow I will be speaking at the CSO Executive Seminar at the Hilton, Tysons Corner VA – http://public.cxo.com/conferences/index.html?conferenceID=64. The topic will be “5 practical steps for data protection”. I don’t expect it to be a McAfee sales push; I’ll be talking about technologies in general.

If you’re a reader of my blog(s) please come and say hello.

HITECH Name-And-Shame goes up a gear…

February 25, 2010

Not content with naming-and-shaming companies who break the HIPAA/HITECH health regulations through the normal press, the U.S. Department of Health and Human Services is now reporting companies who lose control of more than 500 people’s records on their site.

A duty to do this comes via section 13402(e)(4) of the HITECH Act.

4) Posting on HHS Public Website.—The Secretary shall make available to the public on the Internet website of the Department of Health and Human Services a list that identifies each covered entity involved in a breach described in subsection (a) in which the unsecured protected health information of more than 500 individuals is acquired or disclosed.

For those not in the know – HITECH is a U.S. act which enforces some duty of care on people’s health information. “Covered Entities” like Health Plan providers and Care Providers (hospitals, doctors, etc.) need to put safeguards in place to ensure that our individual health information is not seen or accessible by unauthorized people. You can find out about HITECH on their excellent consumer web site.

Speaking at the “Security: The New Business Imperative” Event

February 16, 2010

For those in the area, I will be speaking next week (on the 23rd Feb) at the Security: The New Business Imperative event at the Westin Diplomat Golf Resort & Spa, Hallandale Beach FL.

The topic will be a review of current regulations, and practical steps you can take not to fall foul of them.

You can reserve a seat by contacting Tricia_Brown@mcafee.com, or (678) 653 9606.

MA 201 CMR 17 Revisited…

February 2, 2010

Though the deadline for MA 201 compliance has been extended until the end of the quarter, it’s a good time NOW to review what this regulation means to you and your business.

I must start with the usual “ask Gary” disclaimer – I’m not a lawyer, but the regulation is pretty easy to read (compared to many others) and I recommend anyone subject to it prints it out and pays attention.

So, how do you know if you’re subject to MA 201 CMR 17 or not? Let’s start from the top of the regulation itself: Read more…

83,000 Toronto Health users’ PHI exposed…

January 14, 2010

Today it was announced that the personal information of 83,000 users of the Durham health systems became exposed when an unprotected USB stick containing their information was “lost”.

Not too uncommon you might think, but in this case, Ann Cavoukian, the Ontario privacy commissioner (who I had the pleasure of speaking with last year at the annual Privacy-By-Design conference), stepped in, demanding that they

“immediately implement procedures to ensure that any personal health information stored on any mobile devices [laptops, memory sticks, etc] is strongly encrypted.”

CBC news further reported that Commissioner Cavoukian expected every health authority in her province to follow suit.

Notable Breaches of PHI in 2009…

December 15, 2009

This week, Network World posted an interesting slide show of some notable breaches of Health Record privacy from 2009. The mode of disclosure is telling, with internal misuse/fraud and stolen devices/media being prevalent.

http://www.networkworld.com/slideshows/2009/090209-health-breaches.html

The companies mentioned are: Read more…