
“You Are the Weakest Link! Or Are You” - Guest Post by Dr. Heather Mark June 7, 2017

Posted by Chris Mark in Uncategorized.

The incomparable Dr. Heather Mark (my wife…and compliance expert) has a new blog post…

“If you’ve been in security or compliance long enough (and by that I mean approximately a week), you’ve heard the old adage that our largest vulnerability is our people. Firewalls don’t just randomly open ports. Email clients don’t just decide to send proprietary and sensitive information to third parties. These are actions, sometimes deliberate and sometimes accidental, taken by the human assets within our companies, not the technological ones. Technology is not imbued with the ability to autonomously break laws or divulge sensitive information. Technology largely does what it’s programmed to do. People – these are the elements that cannot really be controlled or predicted. Of course, we can implement technology to mitigate the risk presented by human nature. But at the end of the day, a determined individual can still wreak a lot of havoc. This argument is often made just to make the point that we can’t be complacent. And to a very large extent, it’s correct. But I would posit that people can also be one of our biggest assets with respect to maintaining compliance and ethics programs.

I watch a lot of what my husband refers to as “murder shows” – Forensic Files, 20/20, and the like. My favorite, though, is Dateline when the story is presented by Keith Morrison. He has a way of telling a story. Don’t believe me? I give you proof.”…

Click here for more from Dr. Heather Mark’s Blog!

The Difference Between Compliance and Ethic (Dr. Heather Mark’s Blog) July 10, 2015

Posted by Chris Mark in Uncategorized.

“HIPAA does not apply to news organizations” – ESPN Statement

Last night, a news story broke that combined two of my favorite things; compliance and American football. This is a rare occurrence, indeed. It seems that Jason Pierre Paul was celebrating the 4th of July, when he had a fireworks mishap, resulting in a major injury to his hands. As a football player that had recently been franchise-tagged, this is major news. Understandably, the sports reporters were anxious to get the story, as JPP, as he’s called, hadn’t yet signed his $14.8M dollar contract. One reporter, though, went so far as to tweet a copy of the player’s medical record, as proof of the procedure.

As you can imagine, compliance professionals immediately hopped on this broadcast of Protected Health Information (PHI). This is an unscrupulous invasion of privacy, but does the tweet constitute a HIPAA breach? READ MORE.
