Here are some excerpts from an interesting article about information security. It relates to fulfillment of regulations, like ones given by HIPAA, as well as the shortcomings of companies and organizations in relation to their protection of sensitive data.

It is pretty interesting:

Despite the increased awareness, the recent frequency of security breaches seems to indicate that many companies have not adequately responded to the issue of data security within their organizations. New regulations and statutes are sure to get some attention, but the pressure to mitigate data security risks certainly increases as more fines are handed down and lawsuits are adjudicated.

Today’s society deals with an unprecedented amount of information. “There has been more electronic information, and therefore more digital assets, aggregated during the last two years than in the entire history of mankind before that,” says Kevin Kalinich, co-national managing director of Aon’s technology and professional risks group. Given the sheer amount of information exchanged, it has become increasingly difficult to not only protect it but even to identify what needs protecting.

Regardless of the solutions employed to reduce the risk of data security breaches, a balance of prevention strategies and mitigation efforts is likely the best possible protection. In fact, given how dependent modern business is on electronic data transmissions, it may no longer be an option to develop a data protection strategy.

As the courts and regulators place more emphasis on data security, businesses risk millions of dollars, and in severe cases like that of CardSystems, for instance, possibly the fate of their entire enterprise, by not addressing the issue. “We have to get smart and realize that when we create information, we create liability and when we create liability, we create responsibility,” says Nolan. Consider it just another cost of doing business in the 21st century.

Here’s a link to the entire article on “Top Tech News”

Source: TechListings.net

I’d heard about HIPAA, I knew it was about patient privacy, but I wasn’t sure exactly what it was or what HIPAA stood for. I found this from TechListings:

The American Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a set of rules to be followed by health plans, doctors, hospitals and other health care providers.

HIPAA took effect on April 14, 2003. In the health care and medical profession, the great challenge that HIPAA has created is the assurance that all patient account handling, billing, and medical records are HIPAA compliant.

Some provisions of the HIPAA involve patient/hospital interaction. For example, patients must be able access their record and correct errors and must be informed of how their personal information will be used. Other provisions involve confidentiality of patient information and documentation of privacy procedures. It is these provisions that have led to regulation-specific software updates, specialist consulting, and in some cases complete overhauls of medical billing and records systems.

So for those of you who’ve heard of HIPAA and weren’t sure what it was, or if you’ve signed a privacy form at your doctor’s office recently, here’s what the HIPAA hype is all about!