In honor of Data Privacy Day, we provide the following “Top 10 for 2021.” While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2021.
COVID-19 privacy and security considerations.
During 2020, COVID-19 presented organizations large and small with new and unique data privacy and security considerations. Most organizations, particularly in their capacity as employers, needed to adopt COVID-19 screening and testing measures, resulting in the collection of medical and other personal information from employees and others. This will continue in 2021 with the addition of vaccination programs. So, for 2021, ongoing vigilance will be needed to maintain the confidential and secure collection, storage, disclosure, and transmission of medical and COVID-19-related data, which may now include tracking data related to vaccinations or the side effects of vaccines.
Thursday, January 28, 2021
Sarbanes-Oxley Act (Sarbox, SOX)
Purpose: Enacted in 2002, the Sarbanes-Oxley Act is designed to protect investors and the public by increasing the accuracy and reliability of corporate disclosures. It was enacted after the high-profile Enron and WorldCom financial scandals of the early 2000s. It is administered by the Securities and Exchange Commission, which publishes SOX rules and requirements defining audit requirements and the records businesses should store and for how long.
To whom it applies: US public company boards, management and public accounting firms.
Key points for CISOs: SOX places requirements around maintaining integrity and availability of financial data, and controls for who has access to that data. Specific rules need to be in place for:
Camera catches COVID-19 patient’s final breaths in San Antonio nursing home
Family claims lack of monitoring led to death of 80-year-old Rafael Armendariz
SAN ANTONIO – After Rafael Armendariz developed a sore on his foot early last year, his family said management at Golden Estates Rehabilitation & Healthcare Center allowed them to install a Ring security camera in his room to monitor his care and get updates on his condition from staff.
The timing of installing the camera proved prescient, as weeks later, the COVID-19 virus forced nursing homes to no longer allow in-person visits to patients.
Armendariz’s daughters, however, said they had no idea the camera would capture footage on Nov. 10 of their father struggling to breathe and then gasping for air before passing away.
HITECH Act Amendment Incentivizes Adoption of NIST and Other Recognized Cybersecurity Safeguards as a Defense or Mitigation to HIPAA Enforcement
Sunday, January 10, 2021
On January 5, 2020, HR 7898 became law, amending the Health Information Technology for Economic and Clinical Health Act (HITECH Act), 42 U.S.C. 17931, to require that “recognized cybersecurity practices” be considered by the Secretary of Health and Human Services (HHS) in determining any Health Insurance Portability and Accountability Act (HIPAA) fines, audit results or mitigation remedies. The new law provides a strong incentive for covered entities and business associates to adopt “recognized cybersecurity practices” and risk reduction frameworks when complying with the HIPAA privacy and security standards, to reduce risk associated with security threats and HHS enforcement determinations. Specifically, the earlier adoption of an established, formalized and recognized cybersecurit