What can you do to minimize risk? For companies that are regularly involved in litigation, in-house counsel and compliance personnel can reduce uncertainty by understanding their information systems and staying on top of technological changes.
The use of cloud-based computing and data storage is continuing to grow. There are compelling reasons for this, but with all the advantages, it’s easy to overlook a question that still needs to be asked – and answered. Is the cloud secure enough for my sensitive data?
While we reap the benefits of information technology in all aspects of our daily lives, we seldom comprehend what’s going on in the background or consider the potentially costly risks it ushers into our organizations. Effective enterprise risk management requires knowing and evaluating exposures throughout your systems, including your cyber and data breach risks. The [...]
With so much talk of cyber crime, hacktivism, cyber terrorism, massive data breaches through the Internet and other high-tech incidents, it’s easy to forget that to be successful, a compliance program shouldn’t be defined by what is covered in the mainstream media. Yes, criminals have added powerful, high-tech ways of stealing money and data to [...]
Serving on an audit committee is one of the most challenging, prestigious and fulfilling roles a business professional can play. It provides the opportunity to give back by sharing knowledge gained and lessons learned firsthand. And yet, the job’s inherent responsibilities can result in a very serious case of sleep deprivation. The results of the [...]
The demise of SAS 70 audits raises questions, confusion and a dose of drama. To gain clarity on the auditing standard’s replacement and its alternatives, it helps for service providers and their customers to understand what went on behind the scenes that caused in this change
Incident and event notification systems foster real time communication among key business stakeholders when an incident or event occurs. Aside from the primary purpose surrounding event notification, these systems also address a company’s compliance, regulatory or contractual obligations concerning event notification, data (breach) protection, ethics violations, investigations and information protection. Secondarily to the event notification [...]
More often than not, we find that the weakest links in the data chain are at the intersection between technology and manual process flow. An all-too-common scenario occurs when a company collects confidential information on its vendors, agents and other third parties through a hybrid manual/technological approach.
In an effort to help reduce that risk, we’ve gone through our case files to identify the top three most common sources of data compromise. Below, we address these three issues and offer advice on the best approach to avoiding them.
Jo-Ellyn Sakowitz Klein, senior counsel at Akin Gump Strauss Hauer & Feld LLP, provides five steps entities can take to reduce HIPAA and HITECH risks. She also reviews five common compliance pitfalls to avoid.
The turn of the year is an occasion not only for reflecting on the past, but also for considering the future. For hospitals and their compliance professionals, it is a good time to take stock of regulatory vulnerabilities, determine which ones should receive priority attention, and resolve to address these concerns in the coming year. Adhering to the following three resolutions may help make 2012 a happy and healthy New Year for many hospitals.