PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

HIPAA Cartoon – HIPAA Compliance Program

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
August 21, 2016

HIPAA Training - Cartoon HIPAA Compliance

Recently, HIPAA celebrated its 20th birthday.  HHS issued a celebratory blog post.  HIPAA is 20 years old if you start counting from the date the statute was passed (1996).  If we measure HIPAA’s age from the date that the HIPAA Privacy Rule became effective (2003), then HIPAA is 13.

So HIPAA could be 20 years old, eager to become 21 and be able to drink (right now, it just makes people want to drink) or 13 years old and about to begin being an unruly teenager.

A few years ago, I published an article in the Journal of AHIMA to celebrate HIPAA’s 10th birthday (counting from when the Privacy Rule became effective).  The article discusses HIPAA’s growth and impact, and is a quick read if you’re interested.  You can download it for free here:

HIPAA Turns 10: Analyzing the Past, Present, and Future Impact
84 Journal of AHIMA 22 (April 2013)

Continue Reading

Is a Ransomware Attack a HIPAA Data Breach?

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
August 19, 2016

Ransomware - Security Awareness Training

As ransomware escalates and poses serious security risks for healthcare institutions, many privacy experts and legislators have called for more specific guidance from the U.S. Department of Health and Human Services (HHS).

A few weeks ago, HHS responded to these calls with a detailed fact sheet to explain ransomware and provide advice.  Although most of the document outlines what should be obvious for an organization that already has a solid data security plan (including reliable back-ups, workforce training, and contingency plans), the major headline is HHS’s verdict on whether or not a ransomware attack qualifies as a data breach under HIPAA.

Continue Reading

Passwords Cartoon – Security Awareness Training

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
August 3, 2016

Cartoon Passwords - TeachPrivacy Security Awareness Training 01

Here’s a cartoon I created to illustrate the importance of security awareness training.  I hope you find it amusing.

Continue Reading

“Privacy”: A Unique Play Starring Your Smart Phone

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
August 1, 2016

Privacy Awareness

I was fortunate to see James Graham’s incisive play “Privacy” this past Sunday at the Public Theater in New York City.  The play is a witty and immensely engaging examination of all the data being collected about us and being assembled into digital dossiers.  Technology is adeptly woven into the play.  At many points during the production, audience members are asked to use their smart phones.  The script is entertaining and intelligent.  There is never a dull moment, and I was laughing throughout. Continue Reading

Microsoft Just Won a Big Victory Against Government Surveillance — Why It Matters

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
July 15, 2016

eye

Yesterday, Microsoft won a huge case against government surveillance, a case with very important implications: In the Matter of a Warrant to Search a Certain E‐Mail Account Controlled and Maintained by Microsoft Corporation.

Continue Reading

HIPAA’s Long Arm — and Why It’s a Good Thing

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
July 11, 2016

HIPAA Training

Recently, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its first HIPAA resolution agreement and monetary penalty against a business associate (BA).

Continue Reading

Ransomware Growing Out of Control

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
June 20, 2016

Security experts are sounding the alarm bell as ransomware attacks continue to increase rapidly since my last post on the subject.

Continue Reading

Attorney Confidentiality, Cybersecurity, and the Cloud

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
June 6, 2016

Law firm data security

There is a significant degree of confusion and lack of awareness about attorney confidentiality and cybersecurity obligations.  This issue is especially acute when it comes to using the cloud to store privileged documents.  A common myth is that storing privileged documents in the cloud is a breach of attorney-client confidentiality.  In other instances, many attorneys and firms are not paying sufficient attention to their obligation to protect the confidentiality and security of the client data they maintain.

Continue Reading

6 Great TV Series About Privacy and Security

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
May 31, 2016

TVIn previous posts, I have listed some of my favorite novels and movies about privacy and security issues.  I don’t want to leave out TV, as there are some great TV series too.

 

Continue Reading

New Resource Page: How to Make Security Training Effective

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
May 26, 2016

Effective Security Training

I recently created a new resource page —  How to Make Security Training Effective.  The page contains my advice for how  to make security training memorable and effective in changing behavior.

Training the workforce is an essential way to protect data security, but not all training endeavors are successful.  Poor training is akin to shouting into the void.  This resource page is designed to provide some tips and advice about training that I’ve learned from being an educator for more than 15 years.  Continue Reading