[in German]: c’t article with detailled template letter to enact data subject access rights [c’t is a popular German IT magazine] – They call it the “torture questionnaire”…
(link at the bottom of article)
First settlement involving a wireless health services provider, as CardioNet provides remote mobile monitoring of and rapid response to patients at risk for cardiac arrhythmias.
In January 2012, CardioNet reported to the HHS Office for Civil Rights (OCR) that a workforce member’s laptop was stolen from a parked vehicle outside of the employee’s home. The laptop contained the ePHI of 1,391 individuals. OCR’s investigation into the impermissible disclosure revealed that CardioNet had an insufficient risk analysis and risk management processes in place at the time of the theft.
Additionally, CardioNet’s policies and procedures implementing the standards of the HIPAA Security Rule were in draft form and had not been implemented. Further, the Pennsylvania –based organization was unable to produce any final policies or procedures regarding the implementation of safeguards for ePHI, including those for mobile devices.
“PrivacyScore is open source software and we plan to release all collected datasets for research purposes. Besides running it as a public service, PrivacyScore can also be deployed in-house. This will help DPAs that are faced with the task of enforcing a large number of regulatory requirements specified in the General Data Protection Regulation (GDPR).
Tool is at https://privacyscore.org/
The Norwegian DPA has given Gator AS orders to discontinue all processing of personal information about its customers since they have not provided enough information in the smart bells they provide. In addition, PepCall AS and GPS for children – Smartprodukt AS have been notified of similar decisions.
Use right-click in Chrome to translate:
The Australian government published a de-identified open health data set in the past, which contained the patient data of a subset of the Australian population. – The de-identification process involved not just stripping direct identifiers, but also adding some inaccuracies to the data set. However, the data set was still at the person-level.
Researchers have been able to successfully re-identify some patients.
Continue reading “Researchers re-identify patients from a de-identified patient data set published by the Australian government”
An accessible, organized view on way and methods attackers attack enterprises..