Q: I am concerned about the security of my facility, specifically, the security of core and third-party infrastructure devices. I hear stories on a weekly basis about “critical vulnerabilities” but I never know if I am affected, or if my potential vulnerabilities are being fixed. What should I do?
A: Your concerns illustrate one [...]

Q: How can I determine if my Disaster Recovery Plan is up-to-date and, most of all, still workable?
A: Everyone knows that having a well-documented Disaster Recovery Plan is a necessary part of doing business. But when was the last time you re-visited your plan, made sure that everything is still current with respect to [...]

What should be considered when granting access to a HCIS? How should we as a facility come to our conclusion?
Most, if not all, HCIS systems have an access granting component. When granting access to end users, facilities should take into consideration their current practices, patient care flows, roles of the end users, as [...]

As the use of the internet increasingly becomes a community blackboard, how does that affect the risk of privacy violations for provider’s patients? What are implications when a hospital employee has their picture taken with a patient and posts it on their Facebook? People are talking about patients they cared for on a [...]

Nearly 20 percent of Medicaid managed care plan provider CalOptima members learned this week that personal health information, including demographic and medical procedure codes, has gone missing. The copies of the information were stored on an unidentified type of electronic media and sent via the United States Postal Service by a claims scanning vendor. According [...]

A July 10, 2009, study of 117 small and medium-sized businesses in Ireland found that a surprising 43 percent have not established disaster recovery plans and of those, more than half say they do not plan to create one. The shocking statistics include this list of findings:
* 16 percent said their organizations were “too [...]

I read stories about IT-related incidents which happen all over the world, and each time I see that there is a tremendous amount of practical knowledge which can be gained from other people’s mistakes, disasters, etc. This report comes from the “some people never learn” department, where we heard about the largest bank in [...]

We see on June 24th that Cornell University in Ithaca, New York, had to notify approximately 45,000 current and former staff members, students and their family members that a stolen laptop computer contained their unencrypted personal information. (I’ll bet that was a fun task!) The lost/stolen data included both names and social security [...]

These days the news is full of “unintentional” but easily avoided data loss hard-luck stories.  At the end of June it was learned that Canadian journalism students, who were researching electronic waste, bought a hard drive for $40 at a market in Ghana and then discovered that it contained unencrypted information about contracts between military [...]

News comes to us that earlier this month three people in the US have been indicted and five people in Italy have been arrested in connection with an international phone service hacking scheme. The group allegedly broke into IT systems at more than 2,500 companies around the world and stole codes used to route [...]