I happen to work in Indiana in IT for a retail store and my boss and I were just discussing how to avoid a "CNN event" just like this. Hopefully this article will be the tipping edge for the upper management to give us the time and resources to be able to properly secure our network... but somehow I doubt it.
Have HR tell you what the fines are for a HIPAA violation. Then have them tell you what is covered under HIPAA. I'm pretty sure at least some of your computers contain HIPAA protected information. Then arrange a presentation with Upper Management.
That is very good advice, thank you. Credit card numbers, customers' purchase records, addresses, telephone #s, etc. are all stored on our servers or registers in one way or another and I'm sure part (if not all) falls under some part of HIPAA. Thankfully we have moved to an entirely encrypted system already so that narrows down some of our risk... but this was not always the case. It amazes me how a company/programmer/management can think that storing someone's private information in a plain text file is an ac
HIPAA only applies to "covered entities." As a retailer (of what, I don't know), I find it unlikely that they are considered a covered entity. Not just anybody has an obligation to protect your medical information -- only covered entities do. If you were unwise enough to send me your medical records and I posted them on a public web site, I'd be in the clear.
In fact, in my line of work, I see all kinds of HIPAA protected information. The people who send it to me are in direct violation (and I tell them so