Privacy & Data Security

I recently heard this phrase and wondered what is meant by “HIPAA permissions.” HIPAA, or the Health Insurance Portability and Affordability Act, creates both obligations and rights for “covered entities.” I think what people are talking about when they say “HIPAA permissions” are the several rights that HIPAA conveys on covered entities to use and disclose “Protected Health Information” (PHI) without having to obtain a signed authorization from the patient or insurance enrollee.
HIPAA Privacy and Security Rule Fundamentals
Continue Reading What Are HIPAA Permissions and How Many HIPAA Defined Permissions Exist?

It isn’t if, but when, the next round of cyber-attacks will happen. One common type of cyber-attack that schools face is ransomware, where a hacker takes over a school district’s computer systems and holds the systems “hostage” until the district pays a ransom or can restore the system on its own. Restoration for some districts can be nearly impossible.

Like any other multi-million-dollar organization with sensitive data, schools are unfortunately natural targets for cyber-attacks. Per one leading anti-malware provider,
Continue Reading Is Your School District Ready for the Next Round of Cyber Attacks?

In the US, the average email address is associated with 130 different online accounts, according to a study by DigitalGuardian. By my count, I have about 500. That’s a lot of passwords to manage.

The same study also reported that 11% of users have only one default password that they use across most or all accounts and 30% rarely or never change their passwords. Not so good. However, most users were more security conscious. 40% reported never reusing
Continue Reading How to Securely Manage Hundreds of Passwords

In the past week, European data protection authorities have found substantial European Union General Data Protection Regulation (“GDPR”) violations and issued corresponding fines against high-profile companies. These decisions are informative for companies doing business in Europe as they indicate clear future enforcement priorities by European regulators.

On December 10, 2020, the French Data Protection Authority (“CNIL”) issued fines against Google (€100M; $120M) and Amazon (€35M; ~$43M) for improper use of cookies on their websites. Specifically, the CNIL found that
Continue Reading European Data Privacy Watchdogs Take New Steps