Road to HIPAA Compliance: Breach Notification

by KirkpatrickPrice / December 19, 2022

What is the Breach Notification Rule? In this session, we discuss the Breach Notification Rule, define what a data breach is, discuss how long you have to report a breach, who to tell, and what to tell them. We also discuss strategies for reducing the risk of a data breach.  Data Breach FAQs What is a breach? A breach is the acquisition, access, use, or disclosure of unsecured protected…

PCI Readiness Series: Scoping the Assessment

by KirkpatrickPrice / December 19, 2022

How to Scope a PCI Assessment Knowing how to scope a PCI assessment is crucial to your organization’s compliance. Defining a correct scope is the first and most important step. Scoping is so vital that assessors should not even begin the assessment until they have fully determined the scope. So, how does your organization determine if an asset is in scope? Any people, process, or technology that stores, processes, or…

PCI Readiness Series: PCI Requirement 7

by KirkpatrickPrice / December 19, 2022

What is PCI Requirement 7? In this webinar, our PCI expert spotlights PCI Requirement 7, which states, “Restrict access to cardholder data by business need-to-know.” This requirement is focuses on authorization and establishing a program of least privileges. PCI Requirement 7 supports the implementation of many of the controls in PCI Requirement 8.  In this webinar, we'll discuss several elements of creating a strong access control system, such as…

Risky Business: Thoughts on ISO 27001 and Risk Management

by Joseph Kirkpatrick / December 19, 2022

Welcome to the inaugural Risky Business blog! The goal here is to provide education about the ISO 27001 standard and provide useful advice on how this framework can be used to solve many of your compliance and information security problems. I have been using ISO 27001 for over a decade as the foundation for information security programs that I’ve developed and directed, both for myself and for my clients, and…

Preparing for Phase 2 HIPAA Audit Compliance

by Sarah Harvey / June 13, 2023

The OCR has just announced that the Phase 2 HIPAA Audits have officially begun. The OCR is currently gathering information to determine which covered entities and business associates will be included in the auditee pool. If you haven’t already prepared for Phase 2 HIPAA Compliance, knowing where to begin may seem a bit overwhelming. Understanding the background of the OCR’s supervision of HIPAA Compliance is a good place to start…