• 27 Aug 2010

    HIPAA & HITECH: new requirements + same approaches = new book

    My colleague and co-author Becky Herold and I are working on the second edition of our HIPAA book and I'm realizing, wow, not much has changed in the way of managing information risks since we first wrote it in 2003. Yet, the protected health information breaches keep on occurring (look at the two latest ones from this week). Stay tuned though... we've got lots of good updates and new info forthcoming on ...
  • 01 Dec 2009

    Funny thing about notices of privacy practices

    I just received a "notice of insurance information practices" from my health insurance provider that says something to the effect of: "ALL INFORMATION CONFIDENTIAL. We're required by law to keep your information confidential. It will be seen only by our employees and authorized business associates." Really? Pretty gutsy statement from any business but especially one who's already been listed on the Chronology of Data Breaches....
  • 19 Nov 2009

    I could’ve sworn we had this thing called HIPAA

    Remember way back in April of 2005 when the HIPAA Security Rule went into effect? Well apparently some healthcare providers didn't get the memo. Big blow to Health Net. So, no reasonable security controls to meet the HIPAA requirements, much less encryption of mobile storage devices? Seriously people: what is it going to take to encrypt mobile drives!!?? I'm not a fan of BitLocker in the enterprise and not sure how ...
  • 16 Sep 2009

    My latest security content

    Here's my latest information security content. Hope you enjoy!

      • Big IT Lessons Small Businesses Can Learn (an IncTechnlogy.com piece I contributed to)
      • How often should I change the passwords for my bank and other important online accounts? (a Women's Health magazine piece I contributed to)
      • Web 2.0 application security troubleshooting, testing tutorial
      • HIPAA-covered entities, business associates confront HITECH Act rules
      • Ten sure-fire ways to derail your career in IT
      • What you should know about cloud ...
  • 30 Aug 2009

    Good summary of the new HIPAA rules

    As you may know, the ARRA government growth bill passed by President Obama earlier this year contains something called the HITECH Act that brings a whole new meaning to the word "HIPAA". There's a lot of mixed information about it on the Web (no surprise), but I recently came across a page that lays out the essentials of the HITECH Act very clearly. Definitely worth checking out if your organization does ...
  • 11 May 2009

    My latest security content

    Here's my latest information security content - more from the queue coming soon... just waiting for it to be published.

    Here's a webcast I recorded for SearchCIO.com:

      • Continuous Data Protection (CDP) Strategies for the Enterprise

    Here are two whitepapers I wrote for Realtimepublishers.com on behalf of Credant:

      • Navigate the Future of HIPAA Compliance
      • Data Protection for the Evolving Workforce

    As always, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts ...
  • 21 Apr 2009

    Isn’t this what HIPAA was for?

    I read the first paragraph in this piece regarding Obama's mandate that we move to electronic medical records (a big step in nationalizing healthcare in this country). It says "The aim is to improve medical care, increase the efficiency of health care delivery and ultimately cut health care costs." When I co-wrote our book on HIPAA compliance back in 2003, improving medical care, increasing the efficiency of health care delivery ...
  • 27 Aug 2008

    A chronology of HIPAA convictions

    Does HIPAA affect your organization? It probably does, somehow, some way, at least indirectly. If not, we're all affected personally. Well, my friend and brilliant colleague, Becky Herold, has kept up with HIPAA-related convictions over the past few years. I'm surprised that only seven convictions have taken place. There's no doubt that more violations have occurred... Interestingly, there's only been one sanction given for noncompliance. Only one healthcare organization out of ...