Category Archives: Compliance
HIPAA Happens – A Video from UNLV

Looking for a video to show your staff some of the ways that they might breach the HIPAA Privacy and/or Security rules? Here’s a short (5 minute) YouTube video from UNLV called HIPAA Happens that illustrates some possible scenarios. Send …
Posted in Compliance, Information Security
Privacy and Security Rules Cover Information – Not Technology

With few exceptions, rules relating to privacy and security such as HIPAA and GLBA (Gramm Leach Bliley) cover the information, and don’t specifically relate to any particular technologies. So, they apply whether you’re using your PC, a fax machine, a …
Posted in Compliance, Information Security
Security Awareness Training for Call Center Reps

Call centers often handle highly sensitive information for customers including financial data such as credit card details, Social Security numbers, and bank account details; and, in some cases, health information. This means that they need to comply with an increasing …
Posted in Compliance, Education, Information Security
Data Exchanged Between Employees Could be a Security Breach

The Washington Post recently reported that an employee in the National Finance Center sent an Excel spreadsheet of employees’ personal information to a coworker in an unencrypted email. The Commerce Department sent a letter to all affected employees notifying them …
Posted in Compliance, Information Security
Signed Policies Are a Must-Have

A couple of interesting articles today. Germany has just enacted a new law that requires companies to obtain a signed consent from employees before their work communications can be monitored. How this affects monitoring for inappropriate, illegal and insecure communications …
Posted in Compliance
HIPAA/HITECH Breach Notification Applies to Deceased Individuals

In her Realtime IT Compliance blog, Rebecca Herold posted an article about the implications of the FTC’s Health Breach Notification Rule. As usual, it’s probably going to take a while for the dust to settle so that we can understand …
Posted in Compliance
CMS Recommendations for Complying with the HIPAA Security Awareness Training Requirements

During 2008, the Centers for Medicare & Medicaid Services (CMS) Office of E-Health Standards and Services (OESS) reviewed ten HIPAA covered entities (CEs) for their compliance with the HIPAA Security Rule. They found that the CEs had problems in compliance …
Posted in Compliance, Education, Information Security
1 Course per Month Programs – Why I Don’t Like Them

Some organizations use a “1 course per month” approach to trickle security awareness training out to their staff – the intention being that they avoid overloading staff with a large amount of training upfront by dividing it up into more …
Posted in Compliance, Education
The Second Year and Beyond

Let’s say that you’ve been tasked with establishing a security awareness program to comply with the regulations that apply to your organization. You set up a series of courses – probably web-based because you have too many students and insufficient …
Posted in Compliance, Education
1 Comment
Save Money by Automating Policy Signature Management

Many laws and regulations – both security-related and other areas of HR – require employees to review a set of policies and sign them to indicate that they understand and will obey them. This usually involves someone printing out multiple …
Posted in Compliance




