
A Primer on HITRUST, EHNAC, Meaningful Use, HITECH, and Their Relationship with the HIPAA Security Rule

Posted on by perlbot in Main | Leave a comment

At the risk of oversimplifying the role each of these groups plays in the healthcare industry, the essence is the same – different people trying to figure out the best way to securely use electronic protected health information (ePHI) and supporting technology. However, without a single, industry-developed and accepted approach to securing ePHI, we are left with a federal statute, the HIPAA Security Rule, to drive the information security programs of our payers, providers, and business associates. Unfortunately, as …

Report on Data Privacy and Security in Health Care Industry


A report recently released by Deloitte performs a nice literature review including industry white papers and surveys, congressional testimony, and related journals. Interesting results include: 71% of HHS-reported information breaches are from Health Care Providers. The impact of a data breach over a two-year period is approximately $2 million per organization and the lifetime value of a lost patient is $107,580. Approximately one third of data breaches result in medical identity theft. Nearly 85 percent of hospitals are NOT in …

Correction…8 million and counting


Since our 2010 Protected Health Information Breach Report was released, we have been asked a lot about trends in the industry. Well, just in the last couple of weeks, a number of breaches have been disclosed that occurred at the end of 2010. This includes 16 incidents, over half the result of theft and involving some type of portable media. The worst case involved 1.7 million records compromised as a result of 1) unencrypted backup tapes and 2) business associate leaves …

6 Million and Counting


Redspin just released its annual report of protected health information breaches that occurred from late 2009 through the end of 2010. Over 200 breaches affecting 6,067,751 individuals have been recorded since August 2009, when the interim final breach notification regulation was issued as part of the Health Information Technology for Economic and Clinical Health (HITECH) Act. However, this number only includes breaches that affected more than 500 individuals. The number of breaches that affected fewer than 500 individuals must also …

How do you really know if your Business Associate is adequately protecting your ePHI?


The HIPAA Security Rule now applies to Business Associates. We anxiously await the final modifications due to be released in March. However, the problem is that your Business Associates have access to your ePHI right now. There really is no time to wait for the auditing requirements in the HITECH Act to be further defined. You’ve identified all your business associates and have contracts in place that require them to protect your data. But what else can you do now …

PCI DSS 2.0 Released – What Does It Mean For You?


Version 2.0 of the PCI DSS has clarified its testing expectations by requiring 1) external vulnerability scanning by an ASV quarterly, as well as scanning following any significant change (which can be performed by internal staff), 2) internal vulnerability scanning quarterly and after significant changes by qualified and independent internal staff or third parties, 3) annual external penetration testing of applicable application- and network-layer vulnerabilities, and 4) annual internal penetration testing of applicable application- and network-layer vulnerabilities. All penetration testing …

Lessons Learned From The BP Well Blowout For Your Industry


In advance of the much anticipated full report due on January 11th from the National Commission on the BP Deepwater Horizon Oil Spill and Offshore Drilling, a chapter was recently released outlining some key findings that are relevant not only to the oil industry but also to every other enterprise.

Low + Low = High

“The well blew out because a number of separate risk factors, oversights, and outright mistakes combined to overwhelm the safeguards meant to prevent just such an …

2010 Food Wiki Awards


It has been a long year, but the weeks on the road have paid gastronomic dividends. Gems uncovered, old standards revisited, experiments gone bad. Congratulations to this year’s winners.

Best Dish: Fresh Trout Luncheon Special, Mac’s Old House, Antioch CA – Nothing beats fresh delta fish for under $10. Cash only.

Finalists: Falafel, Azuri Cafe, NYC; Cereal Milk, Momofuku’s Milk Bar, NYC; Cinnamon Roll, Stella’s Kitchen and Bakery, Billings MT; Potato Taco, Reyes Market, Carpinteria CA

Best Restaurant: Portos, Glendale/Burbank …

Information Security – Need-to-Share too much?


In the post-9/11 world, disparate government agencies took flak for their need-to-know data sharing policies. To improve intelligence efforts, a need-to-share policy was adopted, ideally resulting in more efficient communication and flow of inter-agency information. A need-to-share policy, however, also increases the risk of unauthorized access because it enlarges the population of potential threat sources. Is opening up access, with the consequently weaker access control, a worthwhile security trade-off? Let us know what you think!

iPad’s killer app


Not so long ago came a device that offered everything you could ever want: a high-powered processor, big display, portability, slick navigation, and a seemingly endless supply of applications to choose from. Yet one stood out above the rest: Solitaire…the Windows 3.1 killer app. Fast-forward to the present, and the whole plane-load of iPad-toting execs are working hard at….wait for it….Scrabble. What will the future bring next?