Having just returned from the it-sa 2017 show in Nuremberg, I wanted to write down some thoughts.
First of all, I am very happy that we decided to take part in the show together with our absolutely excellent distribution partner, ProSoft, and have enjoyed spending time with their it-sa team. Andreas, Daniel, Markus, Peter, Sven and Veronika, you all rock!
I am also glad that I got to meet so many partners, existing, new and potential. Talking to you and understanding how you see the business helps us develop in the direction that allows us to best serve the market. It also reconfirms my belief that working together is the way to achieve things.
Talking with attendees at the fair, a few things became even clearer to me. The imminent arrival of the new GDPR legislation is really hitting home. To me it feels like the time to educate about why to take steps to protect people’s data is over and it is time to provide solutions to how to do it and how to prove it is done.
How HIPAA is enforced and what you can do to secure your devices
HIPAA non-compliance is painful and costly. If your organization is guilty of non-compliance, you may be held liable for litigation, legal expenses, hefty fines, and huge settlements. Back in April, when Roger Severino became the Director of the HHS Office of Civil Rights (OCR), he made it clear that he was looking for a “big, juicy, egregious” HIPAA breach to set an example for other non-compliant organizations. He also made it clear to smaller organizations that he wasn’t just going after large healthcare organizations.
“Just because you are small doesn’t mean we’re not looking and that you are safe if you are violating the law (sic). You won’t be.”
And he’s not just making threats. He’s following through. According to this HIPAA Journal article, between the time he became OCR Director and early September, 8 settlements have been reached and one has a civil penalty. Of those, two concern us: