When the National Institute of Standards and Technology (NIST) published its Cybersecurity Framework in 2014, it consolidated and summarized international best practices for managing security on the Internet. The Cybersecurity Framework focused on the management of risk associated with critical infrastructure. In January of 2020, NIST published a companion standard, the NIST Privacy Framework: … Continue reading Privacy in Cyberspace: the NIST Privacy Framework
Imagine waking up one morning, opening your newspaper and being greeted by the news that your organization is implicated in a major privacy breach. This was my reality on December 10, 2002, when I was the Chief Privacy and Security Officer for the Ontario Smart Systems for Health Agency (predecessor to what is now eHealth … Continue reading Surviving a Privacy Breach
Go to the website of any startup company in the health sector and you will see claims of HIPAA compliance. It’s the Holy Grail of privacy and security as it relates to health information. It is essential for marketing health information technology products and services in the United States. But are you really HIPAA compliant, and … Continue reading Are you HIPAA compliant?
Artificial intelligence (AI) is fast becoming a critical component in any innovative solution. I have noticed this in my work with start-up and scale-up companies. AI is no longer the stuff of science fiction. AI will soon be mainstream, and I predict that it will be a dominant feature of all health information systems within … Continue reading Artificial Intelligence, Health Care and Privacy
One of the subtle changes driven by the European Union’s General Data Protection Regulation (GDPR) is the gradual replacement of the term “privacy” with the term “data protection”. While this might not seem a big deal, language is everything. The terms we use often define the actions we take. In strict terms, privacy is about … Continue reading Privacy versus Data Protection: A Subtle Distinction