RiskIT

Issue 29                                                      Friday, June 24, 2011 


How to Prepare Your Organization for a HIPAA Security Risk Analysis 



The healthcare IT landscape is changing fast. Through government-sponsored incentive payments, the 2009 HITECH Act promotes the adoption and "meaningful use" of healthcare IT. Accelerating the migration to electronic health records (EHR) enables greater access to and sharing of patient health information among providers, patients, payers, and employees. With increased access and data sharing comes increased risk.

This webinar will help you understand how a HIPAA Security Risk Analysis is conducted and why it is a mandatory requirement for achieving meaningful use. Then, to better prepare your organization for the assessment, you'll learn a few proactive steps to help you avoid common pitfalls and maximize the value of your investment. You'll also understand how a HIPAA Security Risk Analysis fits into your overall information security program so that you can not only achieve compliance but also begin a process of continuous and durable improvements in IT security.


To read this article in its entirety, please click:

How to Prepare Your Organization for a HIPAA Security Risk Analysis

Developing a Security and Privacy Awareness Program



What You Need to Know to Develop an Information Security and Privacy Awareness Program


There is no doubt that we are all tired of hearing about security breaches. From Epsilon to Sony to Sega to Citigroup, computer users wonder if anyone cares about online privacy and security.


Well, there is one person who always has our interests first and foremost: Rebecca Herold. Recognized as one of the "Top Influencers in IT Security," one of the "Best Privacy Advisors in the World," and holder of five professional certificates (CIPP, CISM, CISA, CISSP, FLMI), Rebecca is an internationally-known author, blogger, instructor, and consultant specializing in information security, privacy, and compliance.



To read this article in its entirety, please click:




EHRs and Disaster Preparedness 



Here's yet another reason to adopt electronic health records. A hospital that was severely damaged by the recent tornado in Joplin, Mo., found its EHR systems were indispensable in the storm's aftermath.


In a new blog, Farzad Mostashari, who heads the Office of the National Coordinator for Health IT, points out that for healthcare providers, EHRs can be a vital component of disaster recovery. Plus, they can be far more secure than paper records when a storm hits.

To read this article in its entirety, please click:

EHRs and Disaster Preparedness
CISO's Guide to Breach Notification


The recent flood of global cyber attacks pushes the need for formal breach notification policies and processes within organizations, requiring information security leaders to understand the range of potential obligations if or when they were to lose control of the critical data they store.

"It's not enough to know the architecture of the breach system," says Michael Aisenberg, principal, defense & homeland security at MITRE Corp, a not-for-profit organization that manages federally-funded research and development centers. "Leaders have to understand the different jurisdiction of where they do business, where their customers are and which breach law applies to which customers and subjects."

To read this article in its entirety, please click:

CISO's Guide to Breach Notification
Why Your Vendor Doesn't Want You to do Risk Analysis



Did you ever have a feeling that your IT integrator was treating you like a couple of guys selling you a Persian rug?


"Take it now - it's so beautiful, just perfect for your living room, a steal for only $10,000 and it's on sale."


And when you ask if it will last, they tell you, why do you want it to last? Enjoy, use it in good health, wear it out quickly and come back to the store so that we can sell you Persian Rug 2012.


I had a meeting with a long-time client recently - I've developed some systems for them in the FDA regulatory and clinical trial management space. We met for lunch to discuss a new project which involved an extension to an existing multi-center study.


To read this article in its entirety, please click:

Why Your Vendor Does Not Want You to do Risk Analysis


RiskIT is an email publication provided by Eminere Group


Disaster Recovery Journal










