[ Tuesday, April 13, 2010 ]


Interesting NIST paper: This publication from NIST is a good, common-sense discussion of how to properly protect "personally identifiable information." It's not specifically HIPAA-oriented, but it sure makes sense when you do a risk analysis (which you should be doing regularly under the Security Rule; you know that, right?). Figure out what you've got, don't keep what you don't need, categorize based on impact value, and protect accordingly. They quote McGeorge Bundy: "If we guard our toothbrushes and diamonds with equal zeal, we will lose fewer toothbrushes and more diamonds." True.
Hat tip: Alan Goldberg

Jeff [11:18 AM]
