InformationWeek has an article on Privacy Breaches reported by health care agencies. This isn't surprising at all. HIPPA is so vague, has so many "outs", and affects so many different industries that it's almost impossible to work with. When I was consulting HIPPA was a project of mine. The company I was with was a late comer in the game when we decided to actively pursue clients that needed help with HIPPA compliance. I spoke with people in health care (hospitals, nursing homes, doctors offices), insurance, law firms, and others that were affected and without fail all of them had either an apathetic attitude toward getting compliant, were depending on a software vendor to be compliant, or had no idea that HIPPA could affect them. I know that those I dealt with was a very small sampling but when you bat 100% it really doesn't matter how big your sample is. It still speaks volumes as to the attitudes that companies have towards HIPPA. Many will do the bear minimum to get Uncle Sam off their back.
About Me
- Andy, ITGuy
- I've been in IT for 11 years. Sometime in 2000 I became interested in Security and started focusing my career in that direction. I am a CISSP and have a passion for Information Security. I have worked both "In the trenches" and in managerial positions in IT. I started blogging because I wanted to have a place to express my thoughts and opinions on security. Hopefully someone else will gain something from what I have to say.
Subscribe
2 comments:
Please don't say HIPPA :-) or people would make fun of you
e.g.
http://www.oreillynet.com/sysadmin/blog/2005/11/fake_experts_always_misspel_hi.html
Ouch, You know I never even paid attention to the fact that I misspelled HIPAA. Obviously I've been doing it for some time because I did it 4 times in this one blog. Spelling was never my strong suit. :)
Post a Comment