Analyze Your Risks

The Federal Government has been vigorously enforcing the HIPAA Security Rule.  Recently they released draft guidance regarding the risk analysis requirements in the HIPAA Security Rule. 

The guidelines call for identifying where electronic protected health information is stored, received, maintained or transmitted.  The risk analysis process should be periodically reviewed and updated. 

With GRIP™ Privacy Management Services, creating and maintaining a Personal Data Inventory has never been easier or more accurate.  In just 30 days, an inventory of where all your structured and unstructured data containing privacy-related information resides can be developed.  GRIP™ provides detailed datamaps and reports showing which departments, media, applications, vendors and record types contain personally identifiable information (PII).

Privacy Management Services leverages automation, benchmarking and best practice standards to automatically identify and highlight areas of immediate concern.

“Free” Personally Identifiable Information (PII)

A Hartford, Connecticut woman found more than she bargained for when she stopped and picked up a cabinet that had a “free” sign on it.  She brought it home and inside discovered documents that contained Social Security numbers and names, death benefits, medical records with hospital admissions and medication records of Aetna policy holders.

According to Aetna, someone made a “serious human error”.  The fact is that 88% of breaches are caused by insider negligence.  In order to eliminate human error and properly safeguard records containing personally identifiable information (PII), you need to know where those records exist.  To know this, an organization must have an inventory of what records contain PII, what media it resides in, who has access to it and how it is maintained and disposed of.  Jordan Lawrence’s Privacy Management allows you to proactively identify where human error and process breakdowns can occur within your organization.

Are You Identifying All The Players In Your Litigation Hold Notices?

Judge Shira Scheindlin has entered an order amending her recent opinion in Pension Comm. Univ. of Montreal Pension Plan v. Bank of Am. Secs., LLC.  The amended opinion cites negligence for failure to “obtain records from all those employees who had any involvement with the issues raised in the litigations or anticipated litigation, as opposed to just the key players.”

When litigation arises, it is critical for an organization to implement and enforce a hold order notice quickly and accurately to avoid sanctions.  Hold Management Services allows you to filter and search notice recipients by typical attributes like job classification or business area so you can identify all employees who had any involvement.  And you can deliver those hold notices through a secure, closed communication channel for compliance verification every time.

Are You Compliant with the Massachusetts Privacy Law?

The Massachusetts privacy law, which went into effect on March 1, 2010, is not a law that only Massachusetts businesses need to be concerned about: any company that retains personally identifiable information (PII) about a Massachusetts resident needs to be compliant.

Requirements to comply with this law include creating an inventory of all paper and electronic records and media that contain PII, performing regular threat assessments to identify risks and vulnerabilities for a breach, and maintaining a written security policy.

Most companies struggle with how to develop a data inventory, which is the foundation of any privacy program, as well as the costs associated with the typical approach of using spreadsheets, the man hours and the disruption to the business.  With Privacy Management Services you can create a personal data inventory in 30 days and update and maintain that information with minimal costs.

Prevent Data Breaches by Knowing the People “Breakdowns”

The number of data breaches involving personally identifiable information (PII) is on the rise.  The majority of these data breaches are caused by bad business processes rather than by unauthorized access to networks.

In order to protect your personal and sensitive information from exposure due to bad processes, you need to know what you have and where it resides.  The first step in identifying those “bad processes” is creating and maintaining a personal data inventory.  With Privacy Management Services, an inventory can be completed in 30 days, giving you insight into what types of records exist, which records contain PII, what media it resides in, and how it moves across the enterprise.

Having this information enables you to perform regular threat assessments to identify where your risks and vulnerabilities lie so you can develop actionable policies and procedures to mitigate those “breakdowns”.
