I think everyone needs to look at compliance with internal policy as well as compliance with FTC and OCR. These are big tasks not to be taken too lightly.
Excerpt: A big takeaway for me was the similarities of the Federal Trade Commission’s investigations and the Office of Civil Rights Privacy post-breach investigations. Both agencies’ investigations are evaluating organizational policies and procedures, determining if they are current and if they are being followed consistently. The number of investigations completed by the FTC is much greater than OCR. I found this interesting because we are now beginning to see the Office of Civil Rights ramp up their investigation program and levy fines against organizations that are found out of compliance. If the OCR follows the FTC’s lead related to privacy breaches, it is about to get more expensive to be a healthcare organization, unless your business is compliant with HIPAA and HITECH regulations prior to a data breach.
Read full article via Cyber Risk & Privacy Liability Forum | ID Experts.