Note: The following links are provided as a service to blog visitors and, while I believe they’re of value, I can’t vouch for their accuracy or the fact that some sites might have been moved. Nor does a link to an outside website constitute an endorsement of that website.
Rules and Regulations
State Security Breach Notification Laws
Thirty-five states have enacted legislation requiring companies and/or state agencies to disclose security breaches involving personal information. This website provides summaries of legislation and links to the text of statutes and bills.
Guidance Documents
HIPAA Compliance Review Analysis and Summary of Results
During 2008, the CMS (Centers for Medicare & Medicaid Services) reviewed several HIPAA covered entities (CEs) for their compliance with the HIPAA Security Rule. They found that the CEs had significant problems in 6 key areas, including the provision of security awareness training. Pages 9 through 11 of this document describe the CMS recommendations for improving security awareness training, which should be required reading for all organizations handling sensitive information – not just in healthcare.
NIST SP 800-16: Information Technology Security Training Requirements: A Role- and Performance-Based Model
- Pt. 1 – Report Text: Adobe .pdf (845 KB)
- Pt. 2 – Appendix A-D: Adobe .pdf (96 KB)
- Pt. 3 – Appendix E: Adobe .pdf (374 KB)
NIST SP 800-50: Building an Information Technology Security Awareness and Training Program
- Adobe .pdf (4,131 KB)
- Zipped .pdf file (3,565 KB)