After North Korea’s hacking of Sony, the FBI stated that more than 90% of companies are vulnerable to the same attack. Recent hackings have resulted in bad publicity, confidential information leaks, damage to clients, and heavy monetary damage. It’s important to prepare before an attack to minimize the risk of both being a victim and the

Healthcare is trending toward value-based payments. Back in January, Sylvia Burwell of the U.S. Department of Health & Human Services announced Medicare’s move toward paying providers based on the quality, rather than the quantity, of care they give to patients. Secretary Burwell emphasized the importance of alternate payment models, including accountable care organizations (“ACOs”). Regardless of whether you are for or against value-based payments, ACOs will play a big role in the future of healthcare, and many providers will find themselves involved in an ACO. So, what are the privacy and security issues associated with being an ACO participant?

Employers commonly use video surveillance for safety, security, loss prevention, and employee productivity monitoring. But employers’ legitimate business interests in protecting assets and safeguarding the workplace must be carefully balanced with employees’ reasonable expectations of privacy. As the definition of workplace privacy continues to develop, employers must be conscious of the evolving legal risks of workplace monitoring.

Ineffective wireless encryption

Taped-over door lock on data room

Inadequate passwords

Computers without adequate log-off

Disabled audit logging

Unencrypted email and laptops

Former employees with inappropriate network access

These vulnerabilities and more (a total of 151) were found at seven large hospitals during a round of audits by the Department of Health & Human Services. Although these vivid examples point to hospital systems, HIPAA applies also to many other types of covered entities and business associates including, of course, physician practices. These non-hospital providers are most likely even more vulnerable to such lapses as they are less likely to have dedicated information technology staff, legal departments, and formalized record-keeping practices.

So, your organization has committed to Information Governance, and you’ve been tasked with making it a reality. Now what?

You’ll need a framework on which to build your program, a platform that will help you bridge across siloed functions (IT, InfoSec, Legal/Compliance, Records Management, Internal Audit, Operations…) and siloed perspectives (privacy, data security, records & information management, litigation discovery…). You’ll also need to come to grips with three persistent barriers to operationalizing Information Governance:

Having no need to brandish bandanas to obscure identity or firearms to force entry, cyber bandits, in a sophisticated and well-orchestrated robbery, waltzed into the IT vaults of Anthem, the second-largest U.S. health insurer, and walked off with personally identifiable information on about 80 million current and former members, a population that comprises Anthem customers,

Some old problems never seem to go away. Email retention remains an obstinate dilemma for far too many organizations. Volumes continue to mount, with business email totaling 109 billion messages every day, and forecasted growth of 7 percent each year. Email archives and cloud email solutions address the symptom of overburdened servers, but these strategies do nothing to tackle the core problem, which is too much email, kept too long. And the cost of email retention outstrips the cost of email storage, in large part due to e-discovery expense in future litigation.

The cold, hard truth is that the persistent problem of email volume will not be solved with technology alone. What’s needed, and frankly overdue, is a bit more organizational discipline and direction on email retention. 

The U.S. Department of Education is urging institutions to include privacy protections that reach beyond the Family Educational Rights and Privacy Act (FERPA) in contracts with app and other online educational service providers. Guidance from the Department’s Privacy Technical Assistance Center (including model contract terms and a basic employee training video) provides insight on