Tag Archives: Compliance

Windows 7 & Server 2008 – Time to Upgrade

The end of 2 beloved and notorious operating systems, Microsoft Windows 7 & Server 2008 R2, is upon us. As of January 2020, Windows 7 and Windows Server 2008 will no longer be supported. Much like you may remember the end of life for Windows… Continue reading

Why You Need HTTPS on Your Website

Almost any web user can tell you when they visit a website that uses HTTPS. They know this by the green lock in the browser or the HTTPS (vs. HTTP) in the address bar. This indicates that you can generally trust your connection to the site… Continue reading

Social Engineering Examples

Social engineering is a threat that faces organizations from small businesses to large enterprises. As we’ve explored multiple times on this site, there are few organizations that are truly prepared to address these types of threats. Social engineering attempts to coax, cajole, and manipulate others… Continue reading

What is GDPR

What is GDPR? GDPR, or General Data Protection Regulation, is new European Union data protection legislation outlining the various data protections for EU citizens' data. It replaces the 1995 EU Data Protection Directive and defines a variety of users' or customers' rights and responsibilities on… Continue reading

Addressing the Insider Threat

Technology is a powerful tool in assuring the confidentiality, availability and integrity of your critical data, but it is no failsafe. Even the best-of-breed technology deployed in a layered approach (defense in depth) will have flaws. The most well-meaning and resourced… Continue reading

The HIPAA Audits are Coming

The HHS Office for Civil Rights (OCR) is gearing up for random audits of healthcare providers and partners. OCR is starting the 2nd phase of its ongoing audit program of CEs (Covered Entities) and BAs (Business Associates) in 2016. You may recall that HHS’ Office for… Continue reading

PCI Compliance and PoS Security

If you run a business that processes credit card payments, you know the difficulties of PCI compliance. Payment Card Industry Data Security Standard (PCI DSS) is a security standard that applies to any organization that accepts, processes or stores credit card data. The PCI Standard… Continue reading

Is Your Email HIPAA Compliant

Most health care providers and medical practices understand the basics of HIPAA compliance but often miss critical technical or operational details that leave them out of compliance. These technical details are far from inconsequential. Take the example of email. Many health care organizations (covered entities)… Continue reading

HIPAA Compliance Failures

Many organizations are under the erroneous assumption that they can claim compliance by simply buying an inexpensive software package or set of templates. Others simply attempt to go it alone and comply by reinventing the wheel. Many others assume compliance because they work with a… Continue reading

Does HIPAA Apply to My Organization

Healthcare practices & their partners, large and small, are legally obligated by the HIPAA HITECH and Omnibus regulations to protect the privacy and security of protected health information. These regulations, which govern PHI (Protected Health Information), its use, storage and processing by healthcare… Continue reading