I hear this question very often. It is similar to the question, “Is email HIPAA compliant?” or “Are texts HIPAA compliant?” And while my gut often kicks in and I want to easily say, “No!” that is often a bad answer. Here is why. We don’t know whether something is compliant or not if we […]
In April of 2013 the Office of Civil Rights, the branch of the Department of Health and Human Services that oversees compliance with the HIPAA Security Rule, started releasing analysis from their pilot audit of Security Rule compliance. In 2012, OCR and their audit partner KPMG set out to assess 115 organizations: hospitals, insurance companies, […]
Perfect security is not possible, feasible nor required by law. In fact, information security laws and regulations require that we provide “reasonable and appropriate” security through a well-defined risk management process. Without a risk-based approach, organizations attempt to address information security requirements by either attempting to comply with a long list of security controls, or […]
The United States is an exceptional country in many ways, not least of which is that we don’t like doing what governments tell us to do. It’s in our moral fiber to rebel. One telling example of this was expressed in a historical article comparing US railroads to European railroads in the nineteenth century. What […]
I’m going to refer to another something in a previous blog, the one about Verizon’s 2012 Data Breach Report regarding PCI Compliance.
Maintaining HIPAA compliance use to not have much teeth behind it. Times have changed, however, as the Alaska Department of Health and Social Services (DHSS) is too well aware.
We all know Windows Active Directory is a great solution to centrally manage users and computers.
A Guide to System Hardening:
Don’t Understand Compliance? On January 18th, Jon Stewart of The Daily Show teased U.S Representative Mel Watt for failing to understand a bill that he was trying to pass.