24Apr
While we are on the subject of data breaches, Continuity Central published an article on the most recent survey done by Verizon Business. In summary, nearly nine out of 10 breaches were considered avoidable if security basics had been followed. Most of the breaches investigated did not require difficult or expensive preventive controls. The 2009 report concluded that mistakes and oversight failures hindered security efforts more than a lack of resources at the time of the breach.
The full report is linked at the bottom of the article.
22Apr
Did you know that only 5 States (and New Mexico) DO NOT have a security breach notification law? That means that 45 States have unique and different laws that any business operating in those states must comply with! Did you realize that with the new Stimulus Bill signed this year, there is now a specific FEDERAL data breach notification law for medical records? Please review the following links for a better understanding. It is good practice to have your compliance officer ensure that they have determined at least a common matrix of conformity to protect the data within your business.
Review the current notification law matrix updated as of December 2008.
Privacy update on the Federal Data Breach law which is specific to medical records but not specific to a medical provider. We found this informative article on the Hogan and Hartson website.
13Apr
On April 3, Dr. Jenny Dugmore posted on the ITP Report a great write-up on the ever-pressing question of ITIL versus ISO 20000. There are always questions on this topic, and I am thankful for her concise writing, which brings the difference up front and informs those of us who are interested about what's on the horizon for ISO 20000-1. Read the whole story and take time to view other entries made by Dr. Dugmore.