Kevin is a featured writer for TechTarget. Here is is latest column: _________________________________________________________ A few months ago, I wrote an article about the practice of non-attorneys consulting on HIPAA business associate agreements. After talking with scores of people about the [...]
Here is a controversial article written recently by Kevin McDonald for TechTarget. ------------------------------------------------------------------------------------------------------------------------------------- Under federal law, the Health Information Portability and Accountability Act (HIPAA) Privacy Rule extends to a class of business entities (i.e., health plans, health care clearinghouses and [...]
As many security solution providers struggle to find compliance opportunities, there is a great opportunity in supporting compliance with the Health Insurance Portability and Accountability Act (HIPAA).Even though the comprehensive laws intended to protect patient and health care data are [...]
Recent changes to HIPAA and HITECH opened up significant new opportunities for security solution providers who can shoulder the risks and get themselves educated on these regulations. As this HIPAA security checklist of services, below, shows, there are 10 specific [...]
Many VARs are looking to profit from health care-related cloud storage services. But with profit comes responsibility. Whether you build your own or offer another’s service, the U.S. Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for [...]
In my time as a security consultant and managed services provider, I've seen some questionable behavior and attitudes. Prime among them is the common belief in the business community that indemnity offered by cyber insurance and contracts replaces prudent actions [...]
The best source of information covering this requirement comes from NIST, the National Institute for Standards and Technology. They have a set of documents that are the standards for many requirements. There is nothing specific in the NIST guidelines about the end of life for Windows XP, however, the need to provide Flaw Remediation is clear and that is what the X, Office 2003 and Exchange 2003 support requirements fall under.
For example, NIST Special Publication (SP) 800-531 requires the SI-2, Flaw Remediation security control, which includes installing...
Kathleen Sebelius at a House Energy and Commerce Committee hearing Wednesday said she is responsible for the problems with Healthcare.gov. Will she extend her ownership to the violations of privacy regulations? Will she own the pathetic demonstration that political expediency means more to HHS than the commitment to applicants’ privacy? Will HHS be a little more forgiving the next time another organization gets investigated for a HIPAA breach or will Tavenner and Sebelius be HIPAAcritical?
Creating successful targeted attacks requires attackers to learn about us. They will research our email addresses, our job, our professional interests, and even the conferences we attend and the websites we frequent. All of this information is compiled to launch a successful targeted attack. Once on our devices, the attacker’s tools are designed to pull as much data as possible. Undiscovered targeted attacks can collect years of our email, files, and contact information.
I am again reading another story about the NSA. This one is from ZDNet titled, Yahoo Reveals US Government Made 13,000 Requests for User Data. I am finding myself struggling with a solid opinion on the controversy over the NSA [...]
Skip to content
