This past weekend, I had to accompany a relative to the emergency room of my local hospital. She had been feeling poorly and the doctor on call (hers was off for the weekend) suggested she needed to get checked out and get a blood test.
When we arrived, the check-in area had her complete some forms and entered her into the system. She has been to the hospital before, so her medical and insurance information was already there. Then we sat and waited; actually it wasn’t very long.
We went into the triage area where a nurse took her vitals, asked her what was wrong and copied down everything about her medications; she brought all the prescription bottles to make this easier. The nurse wrote some of this down on a form and entered some of it into the computer. After that, we went out to the waiting room and waited.
It’s 2012. Do you know where your data is, who has access to it and what they are doing with it?
These are 3 fundamental questions that every organization should ask, because most people can’t answer all of them. You know you have data in databases. Most financial and customer data sits there and is hopefully protected by encryption. If you aren’t sure, you had better check. But a lot of that data makes its way into spreadsheets, customer proposals, quotes, reports and numerous other documents. Do you know where all of them are and who is accessing them?
Data breaches seem to be in the headlines almost every day. Just do a Google search on “data breach” and you will get more than 29 million hits. Do a search on News stories in the last month and you will get over 2400. Here are a few interesting stats from 2011 according to the Verizon 2012 Data Breach Investigations Report. The report reviewed 855 confirmed security breaches that affected 174 million compromised records in 36 countries. This is the largest number of breaches ever reported. In all likelihood, more went unreported or undiscovered.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) controls the privacy and access of all protected health information (PHI) in the United States. One of the goals of the legislation is to help move the healthcare industry toward electronic health records (EHR). The value to patients and providers is faster and more accurate care, since clinicians, insurance companies and all related business organizations will have access to the same information.
In 2009, the US Congress passed the Health Information Technology for Economic and Clinical Health Act (HITECH Act) to further clarify and address the privacy and security concerns associated with the electronic transmission of health information. Language in the law extends HIPAA provisions to business associates of covered entities. This means that any organization that works with a healthcare provider is also subject to the same laws and penalties.
On January 28, 2012, the United States, Canada and many other countries celebrated Data Privacy Day. This is a recognition that people, businesses and governments need to be aware of data privacy and how to protect it. Last October, the US government marked the eighth annual National Cyber Security Awareness Month sponsored by the Department of Homeland Security. That event helped educate people on the importance of internet security. The two events go hand in hand.
Data Privacy Day is an annual international celebration designed to promote awareness about privacy and education about best privacy practices. It began in the US and Canada in January 2008, as an extension of the Data Protection Day celebration that started in Europe in 2007. In the US, the House and Senate passed resolutions recognizing January 28 as National Data Privacy Day.
The unofficial motto for Google is “Don’t be evil”. It’s written on its Code of Conduct page as part of its investor relations information.
Google has 7 simple areas in this code of conduct that cover serving its users, respecting employees, avoiding conflicts of interest, preserving confidentiality, protecting Google’s assets, ensuring financial integrity and obeying the law. If you read them, it sounds like the company intends not to be evil.
Google’s privacy policies and terms of service are what affect most of the users of its services and websites. On January 24, 2012, in an effort to simplify the somewhat arcane policies of numerous Google services, it issued notices to users of a pending change in its privacy policies.