C.G. Lynch is a writer often referenced on this blog and one who covers consumer web and social technoligies for CIO.com.  In a recent article, the topic of writing a company policy regarding the use of social networking media such as Twitter was discussed.

As Lynch states, in the article, … ”many companies grapple with how to balance the transparency social networking tools  enable with the need to safeguard company information.”   The ideas and the methodology presented for an organization to achieve this balance are worth your time to read.

Click here to read the entire article.

Lora Bentley, in her recent posting in the ITBusinessEdge blog, wants to remind us that the data breach notification rule promulgated by the U.S. Department of Health and Human Services (HHS) pursuant to the HITECH Act, even applies to individuals the covered entity knows to be deceased.

Given the fact that each state and territory law has its own position on this rule, and, in fact, where some do not have such a stipulation of notice regarding deceased persons, each organization must pay careful attention to protect themselves from potential privacy breach lawsuits stemming from the HHS rule. 

Click here to read this article and remember to follow the link within this article to the HHS rule as published in the Federal Register for public comment.

The Health Data Management publication group recently announced the final rule(s) governing the reporting of data breaches by vendors of personal health records (PHR’s) and online applications that interact with PHR’s.

Read this article for more information on this important privacy and information security topic.