Episode 8: How the HIPAA Enforcement Rule Impacts the Compliance Efforts of Covered Entities
In this podcast I speak with two highly experienced HIPAA compliance experts to get their views and opinions about this much discussed and often debated regulation. In particular we discuss the relatively new HIPAA Administrative Simplification Enforcement Final Rule, and how it impacts providers and payers. We explore and try to determine what, if any, impact the HIPAA Enforcement Rule has on Covered Entities. During this episode I speak with Kevin Beaver, CISSP, an independent information security consultant and expert witness with Atlanta-based Principle Logic, LLC, with over 18 years of experience in IT, specializing in performing information security assessments. Kevin has authored and co-authored 6 information security-related books, including Hacking For Dummies and Hacking Wireless Networks For Dummies. I had the pleasure of being co-author with him for The Practical Guide to HIPAA Privacy and Security Compliance. Also joining this discussion is Brad Smith, who is both a Registered Nurse and a Certified Information Systems Security Professional. Brad has worked with HIPAA since 1999 and believes that we need this law. As Director of the Computer Institute of the Rockies, located in Helena, Montana, he helps rural and frontier critical access hospitals comply with HIPAA without facing undue financial hardship.
Length: 26:11 Download this podcast now!
Episode 7: Data De-identification and Masking Methods
In this podcast, a follow-up to my last podcast, “What IT Leaders Need to Know About Using Production Data for Testing,” I discuss some of the ways in which data can be de-identified, or masked, for use not only in testing but also for demos and other purposes. There are many ways to de-identify and mask data. Some are better than others. It all depends upon the type of data you’re working with and the associated application or system. I briefly describe seven ways in which data can be masked and de-identified, in addition to an alternative for the slim chance that there is absolutely no way anything other than production data can be used. The ultimate goal is to protect the privacy and confidentiality of personally identifiable information while also making meaningful data available for testing, demos or analysis.
Length: 15:16 Download this podcast now!
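To make the masking methods concrete, here is an added worked example (written for this page; it is not from the podcast and does not reproduce the podcast's own list of seven methods). It applies several common methods, one per field, to a constructed set of fictional records, then runs the two checks a practitioner wants before a masked extract leaves the secure environment: no original identifier value survives anywhere in the output, and the same subject still maps to the same token across rows so joins and date intervals keep working. The field names, the fake-name pool and the masking key are assumptions for the illustration.

```python
import hashlib
import hmac
from datetime import date, timedelta

# Constructed sample records (fictional people) standing in for a production extract.
PRODUCTION_ROWS = [
    {"id": 1, "name": "Alice Example", "ssn": "123-45-6789", "email": "alice@example.com",
     "dob": "1980-03-14", "visit": "2006-05-20", "zip": "30301", "diagnosis": "J45"},
    {"id": 2, "name": "Bob Sample", "ssn": "987-65-4321", "email": "bob@example.org",
     "dob": "1975-11-02", "visit": "2006-06-01", "zip": "59601", "diagnosis": "E11"},
    {"id": 3, "name": "Alice Example", "ssn": "123-45-6789", "email": "alice@example.com",
     "dob": "1980-03-14", "visit": "2006-07-09", "zip": "30301", "diagnosis": "I10"},
]
IDENTIFIERS = ("name", "ssn", "email", "dob")

# Assumed secret for the keyed methods; it stays with the masking job and never ships with the data.
MASK_KEY = b"example-masking-key-replace-me"
FAKE_NAMES = ["Pat Doe", "Sam Roe", "Chris Poe", "Jordan Moe"]  # assumed substitution pool


def _prf(value: str, key: bytes = MASK_KEY) -> bytes:
    """Keyed PRF over a field value. HMAC rather than a bare hash: SSNs and e-mail
    addresses come from small spaces, so an unkeyed hash could be inverted by brute force."""
    return hmac.new(key, value.encode(), hashlib.sha256).digest()


def tokenize(value: str) -> str:
    """Tokenization: consistent, irreversible token; the same input gives the same token everywhere."""
    return _prf(value).hex()[:16]


def substitute(value: str, pool: list[str]) -> str:
    """Substitution: replace with a plausible fake chosen deterministically from a pool."""
    return pool[int.from_bytes(_prf(value)[:4], "big") % len(pool)]


def partial_mask(value: str, keep_last: int = 4, mask_char: str = "X") -> str:
    """Partial masking: hide all but the last N alphanumerics, keeping separators so formats validate."""
    chars, kept = list(value), 0
    for i in range(len(chars) - 1, -1, -1):
        if not chars[i].isalnum():
            continue
        if kept < keep_last:
            kept += 1
        else:
            chars[i] = mask_char
    return "".join(chars)


def shift_date(iso_day: str, subject: str, max_days: int = 365) -> str:
    """Date shifting: move by a per-subject offset so intervals between one subject's dates survive."""
    offset = int.from_bytes(_prf("date-shift:" + subject)[:4], "big") % max_days + 1
    return (date.fromisoformat(iso_day) - timedelta(days=offset)).isoformat()


def generalize_zip(zip5: str) -> str:
    """Generalization: coarsen to the 3-digit prefix so the value locates a region, not a household."""
    return zip5[:3] + "00"


def deidentify(rows: list[dict]) -> list[dict]:
    """Apply one method per field; the diagnosis column is left intact as the analytic payload."""
    out = []
    for r in rows:
        subject = r["ssn"]
        out.append({
            "id": r["id"],
            "subject_token": tokenize(subject),
            "name": substitute(r["name"], FAKE_NAMES),
            "ssn": partial_mask(r["ssn"]),
            "email": None,  # nulling out: the test suite never needs a deliverable address
            "dob": shift_date(r["dob"], subject),
            "visit": shift_date(r["visit"], subject),
            "zip": generalize_zip(r["zip"]),
            "diagnosis": r["diagnosis"],
        })
    return out


def leaked_values(original: list[dict], masked: list[dict], fields=IDENTIFIERS) -> set[str]:
    """Acceptance check: no original identifier value may survive anywhere in the masked output."""
    originals = {str(r[f]) for r in original for f in fields}
    blob = " ".join(str(v) for r in masked for v in r.values() if v is not None)
    return {v for v in originals if v in blob}


def intervals_preserved(original: list[dict], masked: list[dict], a="dob", b="visit") -> bool:
    """Utility check: date shifting kept each row's a-to-b interval, so age-at-visit logic still works."""
    def span(r):
        return date.fromisoformat(r[b]) - date.fromisoformat(r[a])
    return all(span(o) == span(m) for o, m in zip(original, masked))


if __name__ == "__main__":
    masked = deidentify(PRODUCTION_ROWS)
    for row in masked:
        print(row)
    print("leaked:", leaked_values(PRODUCTION_ROWS, masked))
    print("intervals preserved:", intervals_preserved(PRODUCTION_ROWS, masked))
```

The choice of method per field is the point: a token keeps referential integrity, a partial mask keeps the format that input validation expects, date shifting keeps durations, and nulling is right whenever the consumer of the data never needed the field at all. The leak check is deliberately crude (substring search over the whole output) because that is what catches the identifier that was accidentally copied into a free-text column.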
Episode 6: What IT Leaders Need to Know About Using Production Data for Testing
In this episode I discuss the issues involved with using live production data, particularly real personally identifiable information (PII), for test and demo purposes. For many years it has been the norm within organizations to use copies of production data for testing during application and systems development. However, over the past few years this practice has become an increasingly bad idea, given all the new privacy laws and regulations, identity theft cases, insider-instigated fraud, increased customer awareness, and the growing number of companies outsourcing application development, testing and quality assurance. In this episode I discuss the importance of, and reasons for, using data that does not include real production PII for test and development purposes.
Length: 15:29 Download this podcast now!
Episode 5: Demystifying Privacy Laws: What You Need to Know to Protect Your Business
We are undergoing a data protection renaissance. New laws have significantly expanded corporate obligations regarding security and privacy for information in all forms. One significant obligation of these laws applies to basically all organizations: the duty to provide reasonable security for all corporate information. Bottom line, nearly all organizations have some legal obligation to establish effective information security programs. It is important to realize that in most cases there are no hard and fast rules regarding which specific security measures a company should implement to satisfy its legal and privacy law obligations. In this episode I discuss what you need to know to protect your business when trying to comply with the multitude of privacy laws, and I describe a unified, process-oriented best practice approach to address most of the requirements of such laws as HIPAA, GLBA, Canada’s PIPEDA and the EU Data Protection Directive, among many, many others.
Length: 19:15 Download this podcast now!
Episode 4: Information Security and Privacy Professionals MUST Work Together to be Successful
Over the past few years, as the position of privacy officer has emerged and evolved, I have discussed the responsibilities and activities of privacy officers and information security officers with many of these professionals at various meetings, conferences and seminars. Something that has concerned, and continues to concern, me is how these two positions often seem to be at odds with each other. It is very likely that there are major compliance gaps, information security risks and vulnerabilities, and privacy infractions in organizations where chief privacy officers (CPOs) and chief information security officers (CISOs) do not work together. They have far too many overlapping issues to address to not work together. In this podcast I discuss the overlaps between the privacy and information security areas, and the business trends that both areas must address.
Length: 20:48 Download this podcast now!
Episode 3: How Encryption Supports Compliance
In this episode I discuss how encryption supports compliance as well as effectively protecting personal information. Encryption is an under-utilized security tool. Considering the sheer number of today’s risks, threats and vulnerabilities, encryption can effectively keep unauthorized individuals and systems from accessing sensitive information and thwart many types of attacks. In today’s business environment, with sensitive information being stored in multiple locations, many of them mobile, encrypting information is an effective privacy safeguard organizations can add to their arsenal of safeguard tools. I also discuss incidents that have occurred and how laws, regulations and regulatory bodies encourage the use of encryption.
Length: 16:10 Download this podcast now!
Episode 2: How to Effectively Address Privacy in Business
In this episode I briefly discuss the current privacy concerns and business activities regarding the safeguarding of personal information, and the types of impact incidents have upon business; the challenges associated with protecting personal information (both consumer and employee), and ways to address these challenges to avoid ending up in the newspaper as the next privacy incident headline; and the need to address privacy issues within business processes, not only to meet regulatory requirements but also to demonstrate due diligence, support business goals and build business value.
Length: 25:01 Download this podcast now!
Episode 1: Welcome to Realtime IT Compliance Community!
Thank you for joining the Realtime IT Compliance Community. In this podcast I explain the purpose and goals for making this a valuable, independent site to allow information security, privacy and compliance professionals in all sectors to share and communicate about the issues and news that impact our efforts.
Length: 13:28 Download this podcast now!