Opportunities abound for providing HIPAA compliance services

As many security solution providers struggle to find compliance opportunities, there is a great opportunity in supporting compliance with the Health Insurance Portability and Accountability Act (HIPAA). Even though the comprehensive laws intended to protect patient and health care data are [...]

2014-04-11T17:48:00-07:00

HIPAA security checklist: 10 services your customers need

Recent changes to HIPAA and HITECH opened up significant new opportunities for security solution providers who can shoulder the risks and get themselves educated on these regulations. As this HIPAA security checklist of services, below, shows, there are 10 specific [...]

2020-04-29T22:42:23-07:00

HIPAA-compliant cloud storage services: Due diligence is key to survival

Many VARs are looking to profit from health care-related cloud storage services. But with profit comes responsibility. Whether you build your own or offer another’s service, the U.S. Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for [...]

2020-04-29T22:38:59-07:00

Exploring the risky business of cyber insurance and IT services contracts

In my time as a security consultant and managed services provider, I've seen some questionable behavior and attitudes. Prime among them is the common belief in the business community that indemnity offered by cyber insurance and contracts replaces prudent actions [...]

2020-04-29T22:43:11-07:00

Who has a Legal Obligation to Upgrade Windows XP, Office 2003 and Exchange 2003?

The best source of information covering this requirement is NIST, the National Institute of Standards and Technology. They have a set of documents that are the standards for many requirements. There is nothing specific in the NIST guidelines about the end of life for Windows XP; however, the need to provide Flaw Remediation is clear, and that is what the XP, Office 2003 and Exchange 2003 support requirements fall under.

For example, NIST Special Publication (SP) 800-53 requires the SI-2, Flaw Remediation security control, which includes installing...

2017-09-18T06:03:39-07:00

The HIPAAcrisy of Healthcare.gov

Kathleen Sebelius at a House Energy and Commerce Committee hearing Wednesday said she is responsible for the problems with Healthcare.gov.  Will she extend her ownership to the violations of privacy regulations? Will she own the pathetic demonstration that political expediency means more to HHS than the commitment to applicants’ privacy?  Will HHS be a little more forgiving the next time another organization gets investigated for a HIPAA breach or will Tavenner and Sebelius be HIPAAcritical?

2019-04-09T00:25:08-07:00

Internet Security Threat Report 2013

Creating successful targeted attacks requires attackers to learn about us. They will research our email addresses, our job, our professional interests, and even the conferences we attend and the websites we frequent. All of this information is compiled to launch a successful targeted attack. Once on our devices, the attacker’s tools are designed to pull as much data as possible. Undiscovered targeted attacks can collect years of our email, files, and contact information.

2013-08-16T00:38:15-07:00

Don’t Take Your Privacy for Granted – 13,000 Requests for User Data

I am again reading another story about the NSA.  This one is from ZDNet titled, Yahoo Reveals US Government Made 13,000 Requests for User Data. I am finding myself struggling with a solid opinion on the controversy over the NSA [...]

2019-10-13T22:29:14-07:00

The HIPAA Omnibus Rule Went into Effect on March 26, 2013

If you are a healthcare covered entity or a business associate to a healthcare provider you better get on your encryption game.  If you have not done your risk assessment you better do that, too.  Here is a good article [...]

2013-04-04T02:04:19-07:00

Don’t Serve as a HIPAA/HITECH Wall of Shame Warning to Others

There are easy ways to stay off of the Healthcare “Wall of Shame.” One of the most effective ways is to encrypt the hard drives on your mobile devices, PCs and servers. We have recently developed a solution to encrypt [...]

2013-04-01T19:34:45-07:00