By:
On:
In: *Connecting the Dots Blog*, Incident Reporting, Information Privacy, Information Security, Regulatory Compliance

  Did everyone see this ultimate lesson regarding lessons learned but not implemented? Remember back in February 2009 when the Federal Trade Commission (FTC) issued a settlement against CVS Caremark?  According to the settlement, CVS Caremark violated the HIPAA privacy rule and the FTC Act when some of its stores improperly disposed of prescription information and pill bottles that had patient information on them.  The settlement resulted in a $2.25 million fine and they must ensure their security program meets the standards of the settlement [including ongoing audits] for the next 20 years. Now roll the clock ahead to July 2010 and another pharmacy chainRead More →

By:
On:
In: *Connecting the Dots Blog*, Human Resources, Incident Reporting, Information Privacy, Information Security, Risk Management

  Recently, Awareity’s CEO, Rick Shaw, was asked to present at the Infotec conference in Omaha.   During his presentation, “The Truths (and Myths) About Assessments, Planning and Implementing”, Rick discussed the three-legged stool each organization is sitting on, and the importance of all three legs (Assessments, Planning/Developing and Implementing). Most organizations understand the importance of assessments and planning, but where many fail to deliver is in the implementation phase.   As we have seen with numerous headlines and lessons learned, a failure to implement can lead to expensive fines, lawsuits, breaches and losses.  Rick used a case study for CVS Caremark.   Due to employees carelessly tossingRead More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Information Security, Legal, Regulatory Compliance, School Safety

Every manager I talk to has a long To Do List and they all say the list is getting longer. Then I ask them a question about their GOT TO DO LIST?  Their responses usually include groans, moans and terribly painful looks on their faces. As I talk to more and more managers and review more and more headlines in the news, it is obvious to me that managers’ GOT TO DO LISTS are becoming more painful by the day. Why are GOT TO DO LISTS getting more painful?  Look at these articles which include lessons learned as well as future challenges: Heartland CEO onRead More →

By:
On:
In: *Connecting the Dots Blog*, Human Resources, Incident Reporting, Information Security, Legal, Regulatory Compliance

I recently blogged about the Veterans Affairs and the lost laptop that cost Veterans Affairs (tax payers) $20M to settle a lawsuit against them.  Now we have some very expensive trash. Attention all public and private organizational leaders!  Did you see the FTC charges released last week against CVS Caremark Corporation?  The costs of not establishing, implementing and maintaining a comprehensive information security program to protect the security, confidentiality, and integrity of personal information it collects from consumers and their employees is expensive! The FTC order requires CVS to pay $2.25 million to HHS to settle HIPAA violations and CVS is required to obtain independent,Read More →