For many years I have seen SMBs embracing the ASP/cloud delivery model. Now the rate of adoption has increased exponentially.
I am regularly seeing SMBs now having an Internet/border router, a WAP and shared desktop/laptop resources.
When will the larger organizations grab hold?
Monday, January 31, 2011
Saturday, January 29, 2011
HITECH repealed...say what?
It looks as if the topic of repealing HITECH has started.
Thursday, January 27, 2011
7 Health Information Privacy (HIP) Trends for '11
Per the article below, here are the seven (7) trends for HIP. Input was provided by the Ponemon Institute, Patient Privacy Rights, ID Experts, etc.
-Health Information Exchanges (HIEs) will be forced to deal with security and privacy issues.
-Increased fines and action by the states and regulatory bodies.
-The costs associated with data breaches will increase.
-Hospital governing boards will exert their power to hedge data breach risk.
-A significant 'data spill' is inevitable, and will force the national issue/agenda.
-HHS could remove the harm threshold, which may desensitize the public/patients.
http://www.healthcareitnews.com/news/experts-name-top-7-trends-health-information-privacy-2011
Inclement Weather: a 'live' business continuity drill
Over the years I have found inclement weather to be the best 'live' business continuity drill as executives, staff, property management, physical security and business partners clamor to: communicate a holistic plan of action, decide on when to open the 'doors', and if and when to follow the BCP/DRP.
The communication part is made much more difficult when it comes to larger, geographically dispersed organizations. What I find in such enterprises is the ubiquitous duplicity of formal and informal communication channels, which these days is easy to imagine with mobile devices.
Wednesday, January 26, 2011
Red Hat Fedora & Security Breach
It seems that a contributor for Fedora had his/her credentials taken the other day.
http://blog.internetnews.com/skerner/2011/01/fedora-linux-suffers-a-securit.html
Social Media & Employee Privacy
The article below starts to discuss the line employers should draw for using social media for hiring or retaining employees. My question is where does the first amendment come in when it comes to a candidate's employability?
http://www.healthcareinfosecurity.com/podcasts.php?podcastID=951&rf=2011-01-26-eh&hq_e=el&hq_m=916974&hq_l=28&hq_v=bb1cf70608
Tuesday, January 25, 2011
RFID Access Card Hacks
I spoke with a data security and privacy executive today about a potential attack vector of RFID hacking the access cards. While still not a popular attack vector, or a vulnerability to test in physical access controls, RFID hacks and the tools to do it are gaining ground.
With that said, I can dress in a utility person's uniform and bypass most card access controls anyways...
http://cyberinsecure.com/billion-rfid-access-cards-can-be-hacked/
Bank Systems & Technology 10 Trends for '11
I finally read the January 2011 issue of BS&T, and they had this to say for '11 trends:
-Mobile Banking
-Large Banks & Hybrid Clouds
-Automated Branch
-Social Media
-Balancing Business Gain with Added Risk
-Modern(ization)
-Analytics
-Mobile Payments
-Collaboration
-Loan Automation
Monday, January 24, 2011
IRS Toughens Stance on Online Tax Filing Software
The article below elaborates on what is now a year-long effort by the IRS to ensure Online Tax Filing Software providers have their act together from a privacy standpoint.
http://www.boston.com/business/personalfinance/managingyourmoney/archives/2011/01/irs_security_an.html
Copiers, Printers and Fax Machines...oh my!
The article below discusses a data breach that happened due to overlooking the need to securely wipe/overwrite data on copiers, etc. FYI, even fax machines and scanners hold residual information.
http://www.ama-assn.org/amednews/2011/01/10/bica0110.htm
Does Privacy Give a Competitive Advantage?
I just read an article where the CEO of TRUSTe stated that privacy gives an organization/company a competitive advantage.
My response is that having proper privacy safeguards in place and articulating these through a privacy policy will certainly give some business partners and clients/consumers peace of mind. However, privacy is only a competitive advantage for some industries/sectors and/or business models, namely: social networking, cloud computing, legal, financial services, healthcare and anything that deals with records management. Maybe supermarkets, with all of your data on their 'value cards' are next....
Friday, January 21, 2011
More on cyberwar....
Amen to the fact that we are in an ever present cyberwar.
http://blogs.bankinfosecurity.com/posts.php?postID=828&rf=2011-01-21-eb
Security Training
I read the article below and was reminded of my times in the U.S. Army. During my tenure in the military we trained, and trained, and trained some more.
There is a fine line between when employees/partners/patients/customers stop listening to a CISO's/ISO's/CPO's warnings versus when they drink the Kool-Aid. All of us need to find this fine line, which is different based on our specific audiences (Sales, Trading, ER/ED, Radiology, HR, etc.)....
http://www.healthdatamanagement.com/news/breach-indianapolis-email-hacker-notification-41758-1.html?ET=healthdatamanagement:e1618:145757a:&st=email&utm_source=editorial&utm_medium=email&utm_campaign=HDM_Daily_012011
Labels: army, CISO, CPO, ER, higher education, HR, ISO, military, Radiology, Sales, security training, Trading
Thursday, January 20, 2011
The Semantics Between a Data, Privacy and/or Security Breach
These days consultants and consulting firms, like mine, present their opinions and perform knowledge transfer through webinars, white papers and/or articles. In the midst of all of these artifacts are the semantics between what constitutes a data, privacy and/or security breach.
Data Breach: In my (humble) opinion this is a catch all. Data/information has been exposed and it does not matter whether it was a privacy and/or security flaw.
Privacy Breach: This often occurs due to a lack of security. However, a privacy breach is an event where someone without authorization gained access to or received information/data.
Security Breach: An event where an individual gained physical or logical access to a facility, system or network location.
In summary, a hacker gaining access to a system is a security breach. If that hacker extracts data from that system, it is now a data/privacy breach. If a doctor is able to retrieve healthcare information about a celebrity in their hospital, and it is not their patient, that is a privacy breach. Finally, if someone loses unprotected data/information (hard-copy report, laptop, mobile device) on the subway, this is a data breach.
Sandboxing: the Good, the Bad and the Ugly
So, I just read the article below and it reminded me of a conference call I had the other day with a venture capitalist (VC). Basically, the VC had a client working on a Sandbox solution for mobile devices, and the VC wanted an idea on the viability of the product and the market potential.
http://searchsecurity.techtarget.com/news/interview/0,289202,sid14_gci1526250,00.html
What I told the VC, and what the article above reiterates/reinforces, is that sandboxing is another tool in the toolbox. Like antivirus (AV) solutions, etc. we still need to rely upon a comprehensive defense-in-depth strategy. Regardless of Adobe/Apple/Microsoft, etc. coming out with sandboxing methods users & orgs need multiple towers, parapets, moats & Alligators....
Cloud Orgs vs. Cloud Vendors
I just downloaded Microsoft's Windows Azure Security Notes, and after giving a cursory look I noticed that they do not even refer to CSA, ENISA or any of the other groups that are providing objective, independent guidance with the cloud.
Is it me, or are the vendors snubbing these groups? This does not surprise me as they have done so in the past with other groups (e.g. OWASP, HITRUST).
As we have launched the CSA-DelVal chapter here in the Greater Philadelphia area my hope is that the vendors get on board, literally and figuratively.
Labels: CSA, CSA-DelVal, ENISA, HITRUST, Microsoft, OWASP, Windows Azure
Wednesday, January 19, 2011
RSA's Cybercrime Trends Report
RSA published the following:
https://www.rsa.com/go/wpt/wpindex.asp?WPID=11221
Honestly, I do not see eye-to-eye with the 800-pound Gorilla here. I do think their interest/prediction in mobile app vulnerabilities is on target, but I think Advanced Persistent Threats (APT) are nowhere near as high a risk as the cloud. From brute-force hacks off of cloud providers' beefed-up boxes to economic denial of service (eDoS) attacks, the cloud is a coming.
Tuesday, January 18, 2011
Medical Image Archiving
This white paper touches upon one of the largest dilemmas, at least in my opinion, in HIT today.
http://www.healthcareinfosecurity.com/whitepapers.php?wp_id=398&rf=2011-01-18-wp-txt&hq_e=el&hq_m=903672&hq_l=11&hq_v=bb1cf70608
Monday, January 17, 2011
National Data Breach Legislation
This morning I saw an article from the link below stating that a national data breach registrar/notification system is needed.
http://www.bankinfosecurity.com/
I concur, however I think we need holistic data breach legislation that will dictate: what constitutes a breach, baseline security controls/safeguards to prevent a breach, a database/website enumerating all breaches and finally the incident response workflow (including timeline, information dissemination, etc.) that an organization would follow once a breach is detected/determined.
Sunday, January 16, 2011
Classifying Data & Users
Master Data Management (MDM), Information Lifecycle Management (ILM) and other acronyms are gaining ground as organizations see the need and/or requirement for classifying data.
Beyond data classification strategies, I find the need to classify/identify users, especially super users. My respect and acknowledgement towards classification strategies also extends to the higher education classroom, where I frequently find a substantial difference in students' ability, motivation and prior experience in the course topic.
Saturday, January 15, 2011
Cyber-warfare
Cyber-warfare is here, and has been for a while. Relatively recently Russia used such tactics against the country of Georgia, and according to the NY Times, now the U.S. and Israel have used such tactics against Iran.
http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html?_r=1&hp
I also remember reading several years ago about West Pointers studying such topics as well....
Banking & Mobile/Cloud P2P
When I see the article below I think of a bank using this for a competitive advantage, BUT I also think of the numerous holes/vulnerabilities in P2P apps (BTW, Skype IS NOT secure) and the lack of security controls/safeguards surrounding most individuals' mobile devices (i.e. ignoring access controls, like a user-generated PIN, for the device).
http://www.bankinfosecurity.com/articles.php?art_id=3250&rf=2011-01-15-eb
Friday, January 14, 2011
Another Reason to Move Beyond SHA-1
I have been identifying SHA-1 as obsolete in audit/vulnerability reports for a while now, with some occasional push-back from clients. While SHA-1 is better than nothing, the article below highlights another reason to upgrade.
http://infoworld.com/t/data-security/amazon-ec2-enables-brute-force-attacks-the-cheap-447
Wednesday, January 12, 2011
Insecure Mobile Apps for Cars
I keep seeing the Big 3 American car companies advertise their latest bells and whistles for their cars, namely mobile applications for unlocking doors, ignition, etc., and I wonder when we will see a breach or an incident.
http://news.cnet.com/8301-27080_3-20015184-245.html
The public is still ignorant of the vulnerabilities in 802.11 (Wi-Fi) & 802.15 (Bluetooth), so let's wait and see what happens with mobile apps for cars.
Banking, Financial Services & the Cloud
According to InformationWeek Analytics 47% of Banking & Financial Services firms use the cloud, which surprises me. With that said, I am very interested to learn more about what specific services they are using (PaaS, IaaS, SaaS), what size they are (SMB, Multinational), and what types of firms (I-banks, Invest Mgmt, Life Insurance, etc.) are the most prevalent as far as cloud users.
More to come.
Labels: banks, cloud, I-banks, IaaS, Invest Mgmt, Life Insurance, PaaS, SaaS, SMB
Barriers to Automation
As we work more and more in the SMB space (it is certainly underserved from an InfoSec standpoint) I continually notice that business owners/professionals use the data security and privacy segment as a barrier to automation, amongst many other excuses. Below is a great example.
http://www.emrandhipaa.com/emr-and-hipaa/2011/01/11/convincing-doctors-to-do-emr/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+EmrAndHipaa+%28EMR+and+HIPAA%29
As a technologist first, and as a data security and privacy guru/advocate being a very close second, I feel that it is our job to enable optimal performance through technology, instead of being the data security and privacy Gestapo. In other words, and yes it is cliche, we are and should be business enablers. Such matters are easier these days (e.g. WPA-enabled wireless routers), but it is a sales pitch that we must continually execute.
Tuesday, January 11, 2011
Crime in the Cloud
An interesting read indeed....
http://searchcloudcomputing.techtarget.com/generic/0,295582,sid201_gci1525619,00.html?asrc=EM_EDA_13137264&uid=8266525
It looks like this is the new area for digital forensics too.
Monday, January 10, 2011
Incident Response
As I hear about the events of the Tucson, AZ shooting I am reminded of how we need to test our incident response plans and procedures.
What is resoundingly clear is our need to integrate the P&Ps of InfoSec with Physical Security and/or BCP/DRP. We live in a crazy world, and these public shooting sprees are all too common. Sad, but true...
Friday, January 7, 2011
Time to Get a Cloud Strategy
I saw this online today, and yep it is about time...
http://itknowledgeexchange.techtarget.com/total-cio/whether-public-private-or-hybrid-its-time-to-get-a-cloud-strategy/
However, orgs also need a social media & mobile device strategy as well....
Thursday, January 6, 2011
CERN & Private Cloud
So, apparently CERN, which should sound familiar for anyone who has read Dan Brown's novel 'Angels & Demons' and/or seen the movie, has created their own private cloud for research purposes. See below.
http://viewer.bitpipe.com/viewer/viewDocument.do?accessId=13768479
This makes sense, and as time goes by I would not be surprised to see NIST, PARC, Johns Hopkins U and other large, well-funded research orgs go to the private cloud. However, I must say that I am surprised that we don't hear about private clouds in the large Pharma space yet. I suspect that is close to our horizon.
Wednesday, January 5, 2011
Predictions from EMRandHIPAA.com
Thanks to John from EMRandHIPAA.com for the following:
-Doctors Returning to House Calls.
My $0.02: This is inevitable thanks to mobile technology, the high overhead of keeping an office, and the economic reality that middle-aged children will have to house their aging (mobility-limited) parents.
-First EMR Lawsuit.
My $0.02: I see this happening from a HIPAA violation of a cloud-based EMR provider, namely one of their vendors, or a business associate of a business associate within the Healthcare space. Similar events have happened before with everyone pointing the finger at each other.
The Dichotomy of Authentication
After reading the article below, and helping my Father's law practice transition out to retirement, I am reminded of the HUGE dichotomy involving authentication.
http://www.healthcareinfosecurity.com/podcasts.php?podcastID=920&rf=2011-01-05-eh&hq_e=el&hq_m=886443&hq_l=26&hq_v=bb1cf70608
Now, this difference is due to dollars and regulatory requirements, but as the Geisinger techie above states, you cannot be content with your authentication strategy. The problem is that most SMBs, and some Multinationals, are happy with just having the most basic authentication in place.
Will the cloud change this? I hope so.
Tuesday, January 4, 2011
2011 Data Security Predictions
I just wrapped up a webinar from this past December that was presented by Andrew Jaquith, who is the CTO of Perimeter E-Security. He goes on to present the following as 2011 data security predictions:
1. Employers will lock down phones.
2. DLP will gain (quasi ubiquitous) traction.
3. The term 'Abstract Persistent Threats' will die off.
4. The U.S. will creep towards EU-styled protections.
5. Public (Federal) data security benchmarks will emerge.
My $0.02 here:
-Employers need to lock down (& archive) social media too.....
-DLP, End-Point Security & Cloud-based IAM (IdM) solutions will all gain traction.....
-Who cares about APT....
-It is about time for the U.S. to have a thoughtful, coherent, cross-industry data security/privacy requirement. The States, and all of the Lawyers, have been having a field day with this. And, it is a barrier to entry.
Back in Black
Like the subject says we at nControl are hitting the ground running on all cylinders this week as life returns to normal. For us that means hectic and exciting.
Between new projects & clients, launching the CSA-DelVal Chapter, new workgroups (e.g. HITRUST's Cloud Security, etc.), and finally new schools & classes, life has ramped up big time.
It seems that SMBs are turning around, and as they do, so does nControl.
Happy 2011!
Intellectual Property, Privacy and Entrepreneurs
I just read the article below, which discusses a common thread amongst entrepreneurs, and that is failure. Specifically, elegant failure, and learning from it. Additionally, the article discusses how the entrepreneur in question avoids patent/Intellectual Property (IP)-specific fields for his venture capital (VC) efforts.
My thoughts about this are:
-IP/commercial privacy is a competitive advantage.
-If everything is open commercially, isn't that a dangerous precedent for individual privacy?
-This entrepreneur discusses openness due to high costs for IP licensing, so why not make IP less cost prohibitive?
http://www.bbc.co.uk/news/business-12019713
Monday, January 3, 2011
Happy New Year & HIPAA
Happy New Year everyone!
I woke up this morning to find an email from a listserv I subscribe to asking about HIPAA data, namely PHI storage. After some replies from the various readers, it was apparent that many know a little about HIPAA and its requirements, but few know a lot.
Is this what the creators of HIPAA/HITECH had in mind? Speaking of which, ask your Dentist about HIPAA?
Excuse my venting here, but in this economy I find corners being cut at patients'/customers' expense...... Is this the new status quo?
Saturday, January 1, 2011
Cloud Security
As usual I have stepped into a domain surrounded by smart go-getters, and find myself falling down the Rabbit hole. With 2011 here, and with my increased optimism in the U.S. economy, it is time to step up the networking, namely: Cloud Camp, PhillyAWS, PHL-VMUG and CSA-DelVal.
More posts on CSA, and the cloud to follow.....
Red Flags Rule Recision
The Red Flags Rule has been revoked for the vast majority of the Healthcare industry, and looking back on 2010 I question this precedent as other industries (namely Legal) have successfully pushed back too.
What does this say for the state of regulation and privacy in the U.S.? Regardless, as I hear the reality that U.S. companies have ramped up hiring overseas, maybe mandates like the EU's and J-SOX will serve American consumers' interests as well.