As an Internet Lawyer I get asked this question often. Think of a website audit as a kind of insurance policy. An audit helps protect you from the downside risk of doing business online. You have likely spent a great deal of time and money launching your site. Increasingly, a website is "mission critical" and for many online businesses the site is the mission. An audit is an incremental expenditure to ensure that all the appropriate legal bases have been covered. For additional information read our article Why Audit Your Website?.
« May 2009 | Main | July 2009 »
June 30, 2009
June 29, 2009
Data Breach: TJX Hit with $2.5M Fine
Data Security is Serious Business. TJX, the company that owns TJ Maxx and other subsidiaries, gets hit with a $2.5M fine for data breaches of 100 million consumer credit card records that occurred in 2005-2006.
TJX did not admit any wrongdoing but agreed to implement industry standard data security practices. The real damage done, however, despite the fact that $2.5M is more than a slap on the wrist, is to TJX's "reputation value." I believe there may have been a (class action) lawsuit as well.
In short, data security is serious business and even small companies need to start paying attention.
Looking for a best of breed HIPAA Compliance Tracking System?
To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.
If you need tools that will help with your compliance initiatives then check out the HSG Store.
June 28, 2009
Data Security for Online Businesses?
As a Privacy Lawyer I get asked all the time what kind of processes do we need to support our privacy policy? A policy without the appropriate processes in place won't do an online business much good. Sure, small businesses may not need (or can afford) the same kind of data security protection as Bank of America, but that does not mean they can simply ignore the issue.
The FTC Protecting Personal Information: A Guide for Business site is good place to start (watch the video and download the guide). This is the kind of information that will help small businesses implement the basics, and if implemented, will likely allow them to make a "good faith" compliance argument should the FTC come calling, or if a lawsuit is brought because of a data breach.
The FTC common sense five (5) step plan is as follows:
- Take Stock: Essentially, perform an assessment/inventory of where personal info is stored in your organization.
- Scale Down: Keep only what you need for business purposes or for government reporting purposes.
- Lock It: Protect the information you keep. Be cognizant of physical security, electronic security, employee training, and the practices of your contractors and affiliates.
- Pitch it: Properly dispose of what you no longer need. Make sure papers containing personal information are shredded, burned, or pulverized so they can’t be reconstructed by an identity thief.
- Plan Ahead: Draft a plan to respond to security incidents. Designate a senior member of your team to create an action plan before a breach happens.
Looking for a best of breed HIPAA Compliance Tracking System?
To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.
If you need tools that will help with your compliance initiatives then check out the HSG Store.
June 27, 2009
June 26, 2009
More stringent Internet privacy regulations imminent?
Web Privacy Efforts Targeted - WSJ.com. This article is probably an indication that industry groups are becoming increasingly alarmed that if they do not take steps to better protect consumer privacy on the Internet then the U.S. Congress will step in to fill the void.
If the latter happens it will be the small operators that feel most of the compliance pain, making it harder for them to compete. That will likely lead to further consolidation and ultimately less competition--not necessarily a good thing for consumers.
Unfortunately, cooler heads are unlikely to prevail and we will end up with a heavy handed regulatory regime that makes legislators and consumer groups feel good, but does little to change things on the ground.
I am all for voluntary compliance and letting industry leaders attempt to set the standard.
Looking for a best of breed HIPAA Compliance Tracking System?
To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.
If you need tools that will help with your compliance initiatives then check out the HSG Store.
Does HIPAA Preempt State Privacy Laws?
Minnesota Court of Appeals decision extends privacy claims to Internet - TwinCities.com. This will be an interesting case to watch. HIPAA, which does not currently allow an individual to bring a privacy suit (i.e. an individual's only recourse is to file a complaint with HHS) will not necessarily preempt state law if the state law is more "stringent."
As privacy continues to be a hot issue, you should expect to see more suits along these lines. Since revealing protected health information (PHI) is a BIG DEAL, I would expect the MN court to hold that HIPAA does not occupy the field, but rather provides baseline protection that states can enhance.
This topic is covered in the HIPAA Survival Guide.
Looking for a best of breed HIPAA Compliance Tracking System?
To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.
If you need tools that will help with your compliance initiatives then check out the HSG Store.
June 24, 2009
Privacy & Data Security
EU Advisory Group Proposes Tighter Privacy Regulation On Social Networks. It seems like everyone is jumping on the privacy & data security bandwagon. Here an EC group wants tougher regulations on Social Networking Sites (SNS). We are likely to end up with some monstrous pieces of legislation (e.g. HIPAA) that are so complex only the "big boys" can afford to comply, and then only after some get "whacked" with a heavy fine.
As I have said often, I am all for privacy & data security. With respect to the latter, and if the HIPAA Security Rule is an example of what will emerge, we will end up with CIA type of security measures imposed on unsuspecting website owners, that will mostly be ignored by the majority of small businesses.
What is required is guidance and tools, and not just tough language that makes legislators feel like they have actually improved protection for consumers.
Looking for a best of breed HIPAA Compliance Tracking System?
To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.
If you need tools that will help with your compliance initiatives then check out the HSG Store.
June 22, 2009
Is Privacy An Illusion?
Is Privacy An Illusion? Facebook ‘Fans’ Claim Hack Exposes Private Profile Information (Update). Online businesses need to "wake up and smell the coffee." These privacy issues are not going away. Privacy and security are some of the hottest online legal issues--not necessarily because of the harm created but rather because the media has jumped all over it. Expect for that to continue.
Also expect the FTC, HHS (for HIPAA), and other agencies to step up their enforcement efforts. They are going to ride the wave and send a message while the getting is good.
You can bet on it.
Looking for a best of breed HIPAA Compliance Tracking System?
To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.
If you need tools that will help with your compliance initiatives then check out the HSG Store.
June 20, 2009
Hot off the Press
Categories
- Business Associates
- Copyright
- Culture
- Current Affairs
- EHR and HITECH
- Health & Medicine
- Health 2.0
- Healthcare Fraud
- Healthcare in Cloud
- HIPAA Breach Notificaiton
- HIPAA Checklist
- HIPAA Compliance
- HIPAA Compliance Software
- HIPAA Survival Guide Radio
- HIPAA Training
- HITECH Act
- HITECH/HIPAA
- Law and Internet
- Meaningful Use
- New Media
- Online Business Startup
- Online Contracts
- Privacy & Data Security
- Red Flags
Greatest Hits
- Enforcement of Privacy Laws: A Freight Train is Coming
- Snake Oil, KM & the Practice of Law
- Rainmakers, Raincollectors & KM
- Enterprise 2.0
- Wikis & Law Firms
- It's All Beta, All the Time!
- If the CIA likes it, why wouldn't a law firm?
- New Media, Geeks Still Rule
- Markets as Conversations-So What?
- It's Called Marketing Stupid
- The Next Billion Internet Users
- Email Still the Killer App?
- It is early in web years!
Blog Roll
- Blog | Healthcare Collaboration
- Blog | Healthcare Informatics
- Chris Saah
- Chronic Disease Management
- Crossover Healthcare
- Doc Searls
- Dog's Life Digital Magazine
- Effect Measure
- EMR Daily News — News of the day in the world of Electronic Medical Records
- EMR, EHR and HIPAA - Covering EMR, EHR, HIPAA and Healthcare IT
- Eric Goldman
- Felix Gerena
- Future of Health IT: Trends and Scenarios
- Grant McCracken
- Healing Hospitals
- Health Beat
- Health Blog - WSJ
- Health Care Law Blog
- Health Plan Innovation Blog
- Health Policy Blog
- HealthBlawg
- HealthBlawg
- Healthcare & Technology Blog
- Healthcare Technology News
- HIPAA Privacy Rule
- HIPAA Requirements
- HIPAA Security Rule
- HIPAA Survival Guide
- HIPAA Survival Guide | The HITECH ACT
- HIPAA Training
- ONCHIT
- HITSphere
- Insights on Health Policy | John Goodman | NCPA
- Internet Lawyer
- Jason Kottke
- Life as a Healthcare CIO
- Moby Dick Online
- Neil Versel's Healthcare IT Blog
- Nicholas Carr
- Project HealthDesign Blog
- Remaking Healthcare
- Remaking Healthcare
- Rick Georges
- Sal's Blog
- Seth Godin
- The EHR Guy's Blog
- The Health 2.0 Blog
- The Health Care Blog
- The Healthcare IT Guy
- The New Health Dialogue | New America Blogs
- Tom Peters
- Yasnoff on eHealth
CC
Tools
- Google Analytics
Become a Fan
EHR Tools
EHR Collateral
Become a Fan
Essays and Such
- HIPAA Survival Guide (PDF)
Read the HSG in PDF format. - HIPAA Survival Guide (online)
Practical advice for health care practitioners. 
Search, KM & the Practice of Law
Silicon Stories eBook
Dirty Little Secret
Competitive Advantage
Process Patterns
Movie Making and Software Development
The Missing Factory
Architecture: Shack, House or Skyscraper?
The Talent Wars
Knowledge Management and Infotainment
What comes after what comes next?
Silicon Stories Online
- Book Cover
- Chapter 1: Dirty Little Secret
- Chapter 2: Competitive Advantage
- Chapter 3: Process Patterns
- Chapter 4: Movie Making & Software Development
- Chapter 5: The Missing Factory
- Chapter 6: Architecture
- Chapter 7: Talent Wars, E-Teams and E-Cultures
- Chapter 8: Knowledge Management & Infotainment
- Chapter 9: What Comes After What Come Next?
