I am pleased to announce the launch of our new training program, Social Engineering: Spies and Sabotage. This course is a short module (~7 minutes long) that provides a general introduction to social engineering. After discussing several types of social engineering (phishing, baiting, pretexting, and tailgaiting), the course provides advice for avoiding these tricks and […]
Category: Training
Posts about Privacy, Security & HIPAA Training by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness & security training company.
The High Cost of Phishing and the ROI of Phishing Training
A study recently revealed that nearly 25% of data breaches involve phishing, and it is the second most frequent data security threat companies face. Phishing is an enormous problem, and it is getting worse. In a staggering statistic, on average, a company with 10,000 employees will spend $3.7 million per year handling phishing attacks.
Big Brother on the Cover: 50+ Covers for George Orwell’s 1984
by Daniel J. Solove One of the most well-known classic privacy books is George Orwell’s 1984, and it has been published in countless editions around the world. I enjoy collecting things, and I’ve gathered up more than 50 book covers of various editions of the novel. I find it interesting how various artists and designers […]
Understanding the FTC on Privacy and Security
by Daniel J. Solove I recently held a webinar about the Federal Trade Commission (FTC) for TRUSTe called Understanding the FTC on Privacy and Security. The webinar is free and is archived at TRUSTe’s site. Here is a brief synopsis of the webinar: For the past nearly two decades, the FTC has risen to […]
Lessons from the Latest HIPAA Enforcement Action
by Daniel J. Solove Recently, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) publicized its resolution agreement in its HIPAA enforcement action against St. Elizabeth’s Medical Center (SEMC). SEMC agreed to pay $218,000. The case began with a complaint filed with OCR back in 2012 that employees […]
Patient Access to Medical Records Under HIPAA: Significant Reform Needed
by Daniel J. Solove Recently, I wrote about the challenges in accessing health information about family members. In this post, I will explore patients’ access to their own medical records. HIPAA doesn’t handle patient access to medical records very well. There are many misunderstandings about patient access under HIPAA that make it quite difficult for […]
HIPAA’s Friends and Family Network: Access to Health Information
by Daniel J. Solove Suppose your elderly mother is being treated at the hospital for a heart condition. Your mother tells her doctor that you can have access to her health information. The doctor, however, doesn’t disclose the information to you. The doctor thinks that you can only have the information with a signed written […]
The Importance and Goals of HIPAA Training Programs
by Daniel J. Solove There is a great quote in this article from HealthcareInfoSecurity: that expresses very well the importance and goals of HIPAA training programs: Workforce training is important not only for preventing breaches, including those involving ID crimes, but also to help detect those incidents, [Ann Patterson of the Medical Identity Fraud Alliance] says. […]
Mr. Robot: My Review of the New TV Series
by Daniel J. Solove I’ve really been enjoying the new TV series Mr. Robot on USA. Network. It presents highly-engaging depictions of hacking and social engineering, and it is great entertainment for privacy and security geeks. The protagonist is Elliot Alderson (played by Rami Malek), a tech who works at a cybersecurity firm in New York City. […]
New Resource Page: HIPAA Training Requirements FAQ
by Daniel J. Solove I recently created a new resource page for the TeachPrivacy website: HIPAA Training Requirements: FAQ.