DNetworks

Security Basics (Part Two) INFORMATION SECURITY IDENTIFIERS

Posted by Thomas Davon on

Security Basics (Part Two) INFORMATION SECURITY IDENTIFIERS

In information security, the Stanford Data Classification Guidelines is what is used to classify information as either having no risk at all, or having a low risk or having a high risk. The guidelines highlight health information as having a high risk. According to the guidelines, the Protected Health Information (PHI) is a High-Risk Data which must be protected against any form of risk. According to the guidelines, a PHI is any information relating to the past, present or future of an individual and can be used to identify the individual. Such information must be treated with utmost privacy. It...

Read more →

Security Basics (Part One)

Posted by Thomas Davon on

Security Basics (Part One)

SOME CORE AREAS OF INFORMATION SECURITY Information security has been a major issue in recent times. The use and disclosure of information in such a way that the information does not cause any harm to the persons concerned is very important. There different areas of information security, these include:   Access: This is the ability to use, manipulate, modify, or affect another subject or object. Information access is only granted to those considered as authorized users. Any user who accesses information without authorization is considered a hacker and such an act is a violation of the information security laws.  ...

Read more →

Why you have to have a Risk Management Program (Part Two) fifty-six thousand reasons

Posted by Thomas Davon on

Why you have to have a Risk Management Program (Part Two) fifty-six thousand reasons

On April twenty-fourth Dignity Health allowed approximately fifty-six thousand patient records to be compromised by their subcontractor Healthgrades. On my thirty-first Dignity Health reported the breach to the Office of Civil rights (OCR) under HHS as required by HIPAA, given the breach was over five hundred records.Surely it will be found that due to a lack of proper vendor oversight, due to a lack of Risk Management, a sorting error in an email list caused the breach. In a press release Dignity Health said “Dignity Health and Healthgrades investigated and corrected the problem and the companies are putting appropriate steps...

Read more →

Why you have to have a Risk Management Program (Part One) 2.2 million reasons

Posted by Thomas Davon on

Why you have to have a Risk Management Program (Part One) 2.2 million reasons

Risk Management is a mandatory part of the HIPAA HITECH law that Congress put into place to protect the data of patient’s and their identity. Below is the exact language from the Government Publishing Office (GPO).“§ 164.308 Administrative safeguards. (1)(A) Risk analysis (Required). Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity.”I can hear you now, so what if I don’t want to maintain a Risk Management Program? What is the Government really going to do to me? Well that depends...

Read more →

Business Process as a Service (BPaaS) is it a good idea?

Posted by Thomas Davon on

Business Process as a Service (BPaaS) is it a good idea?

Gartner defines business process as a service (BPaaS) as the Following:The “delivery of business process outsourcing (BPO) services that are sourced from the cloud and constructed for multitenancy. Services are often automated, and where human process actors are required, there is no overtly dedicated labor pool per client. The pricing models are consumption-based or subscription-based commercial terms. As a cloud service, the BPaaS model is accessed via Internet-based technologies.”So when it comes to the infrastructure that supports your business is this something you should consider? The answer is yes however; keep in mind your core business offerings.Businesses like hospitals could...

Read more →