Comments for Pondurance http://www.pondurance.com Security.Continuity.Compliance Tue, 21 Feb 2012 16:07:26 +0000 hourly 1 http://wordpress.org/?v=3.3.1 Comment on 2011 Data Breach Review by steve.lodin http://www.pondurance.com/blog/2011-data-breach-review/#comment-84 steve.lodin Tue, 21 Feb 2012 16:07:26 +0000 http://www.pondurance.com/?p=683#comment-84 Jeovan, I completely agree with the small office comment you mention. See my recent blog post on "SMB Security Can No Longer Be Ignored" http://www.pondurance.com/blog/smb-security-can-no-longer-be-ignored/ I do not think Meaningful Use fund awards will trigger random audits. It appears that KPMG has a different set of criteria for selecting targets based on their initial process. Yes, it will be interesting to see the auditing steady state. Some organizations really only react in the security space when faced with fines or after they are breached. I'm not sure if the threat of audits and fines will move the needle. Steve Jeovan,

I completely agree with the small office comment you mention. See my recent blog post on “SMB Security Can No Longer Be Ignored” http://www.pondurance.com/blog/smb-security-can-no-longer-be-ignored/

I do not think Meaningful Use fund awards will trigger random audits. It appears that KPMG has a different set of criteria for selecting targets based on their initial process.

Yes, it will be interesting to see the auditing steady state. Some organizations really only react in the security space when faced with fines or after they are breached. I’m not sure if the threat of audits and fines will move the needle.

Steve

]]> Comment on 2011 Data Breach Review by Jeovan http://www.pondurance.com/blog/2011-data-breach-review/#comment-78 Jeovan Sat, 18 Feb 2012 18:56:58 +0000 http://www.pondurance.com/?p=683#comment-78 Interesting suvery but what would the results be like if small provider practices (1-3 doctors per office) were polled? Most small offices I have encountered do not have personnel with the knowledge, skills or experience to perform a security risk analysis- much less risk management. A security assessment AND risk management are REQUIRED objectives for HITECH fund recipients. Will HITECH fund awards trigger random OIG HIPAA security audits? Only time will tell . Interesting suvery but what would the results be like if small provider practices (1-3 doctors per office) were polled? Most small offices I have encountered do not have personnel with the knowledge, skills or experience to perform a security risk analysis- much less risk management. A security assessment AND risk management are REQUIRED objectives for HITECH fund recipients. Will HITECH fund awards trigger random OIG HIPAA security audits? Only time will tell .

]]> Comment on New Healthcare Information Security Survey by Steve Lodin http://www.pondurance.com/blog/new-healthcare-information-security-survey/#comment-30 Steve Lodin Wed, 16 Nov 2011 19:49:59 +0000 http://www.pondurance.com/?p=571#comment-30 Thanks for the comment! You are correct and that is now fixed in the post. Steve Thanks for the comment! You are correct and that is now fixed in the post.

Steve

]]> Comment on New Healthcare Information Security Survey by Kevin http://www.pondurance.com/blog/new-healthcare-information-security-survey/#comment-29 Kevin Tue, 15 Nov 2011 15:28:27 +0000 http://www.pondurance.com/?p=571#comment-29 Your percentages are flipped per the data in the report. Page 4 of the report states that 26% of respondents have yet to conduct the assessment not 74%. Your percentages are flipped per the data in the report. Page 4 of the report states that 26% of respondents have yet to conduct the assessment not 74%.

]]>