What is HIPAA?

In 1996, the Health Insurance Portability and Accountability Act (HIPAA) was endorsed by the U.S. Congress. The HIPAA Privacy Rule, also called the Standards for Privacy of Individually Identifiable Health Information, provided the first nationally-recognizable regulations for the use and disclosure of an individual’s health information. Essentially, the Privacy Rule defines how covered entities use individually identifiable health information, or PHI (Personal Health Information). ‘Covered entities’ is a term often used in HIPAA-compliant guidelines.

Security Risk Assessment Tool

The SRA Tool is a self-contained, operating system (OS) independent application that can be run in various environments, including Windows operating systems for desktop and laptop computers and Apple’s iOS (iPad only).

The SRA Tool takes you through each HIPAA requirement by presenting a question about your organization’s activities. Your “yes” or “no” answer will show you if you need to take corrective action for that particular item. There are a total of 156 questions.

How mature is your framework?

I have already worked with different customer frameworks, and the companies I worked for also have their own. Everybody has one, and they are all more or less aligned with the standards: PMI, ITIL, COBIT, TOGAF…

Every time I start with a new customer and dig into the rules of the game (their framework), I ask some basic questions:

  • Does it cover management, or does it also include the technical and architecture sides of the work?
  • Does it have templates? How good are these templates?
  • Do they describe standard processes?
  • Are there supporting tools for working in alignment with the framework? For instance, for management processes, an EPMO environment enables people to track and report on the different subjects of the project.
  • And the last one: How mature is the utilization of the framework in the organization?

The answer to the last question is the most interesting to me: this is where you can see how committed an organization is in terms of governance and management of all aspects of the IT activities in an organization.

Not all companies are committed and “married” to their frameworks, and the use demanded of the vendors is not always equal.

In an environment where different vendors are competing and you want to ensure the quality and coordination of the whole implementation of the IT activities, the exhaustive use of a framework is key to promoting equal competition and avoiding low quality.

This sounds basic, but I have seen this sequence so many times:

  • In the short term, they accept cheap proposals, assuming lower levels of quality in terms of documentation. In the short term, there is no high impact.
  • In the medium term, when they want to offer new RFPs, they find that the lack of documentation limits the number of providers able to compete. The price increases and the quality decreases, as in the next projects the lack of updated documentation extends all phases of the projects.
  • Finally, in the long term, you can see how the company decides that it is better to pay the vendor who has the knowledge to update the documentation, a process that is more expensive than the individual update every time you change something.

European Aviation Safety Agency

The European Aviation Safety Agency (EASA) has regulatory and executive tasks in the field of civilian aviation safety.

Production Organization Approvals (POAs) are managed by EASA in accordance with Subpart G of Regulation (EC). The agency is responsible for:

  • The management of all applications from non-EU countries (or from an EU country upon request of that country) for production organization approvals (POA).
  • The issue of related certificates and their continued surveillance.


The weird call of the week

I received a fun call today:

  • Me: What can I do for you?
  • Other: I want to implement REACH on my client. Have you installed REACH on your client?
  • Me: No, I have not done it. What do you mean?
  • Other: Someone told me you worked on REACH activities.
  • Me: That’s true. But we have not implemented REACH on the client. We have helped them to adapt their processes and applications in order to be REACH compliant.
  • Other: So isn’t it something published by the European Union?
  • Me: Yes, what is published is a set of goals and deliverables that can be done by each company in the way they want.
  • Other: Then, is REACH not an SAP module?
  • Me: No, it isn’t.
  • Other: Really? Then what is it?

I cannot continue…

In the end, the situation made sense. The customer is a mid-size company that has pre-registered all its activities and is now preparing the processes to reach the 10 Tons milestone in 2013.

Authorized Economic Operator (AEO)

In our work with the Logistics business unit, we are helping them to get the AEO certification. Obtaining this certification has great value for their business: it gives them access to some simplifications during the customs process.


Member States can grant the AEO status to any economic operator meeting the following common criteria: customs compliance, appropriate record-keeping, financial solvency and, where relevant, security and safety standards.
The status of authorised economic operator granted by one Member State is recognised by the other Member States. This does not automatically allow them to benefit from simplifications provided for in the customs rules in the other Member States. However, other Member States should grant the use of simplifications to authorised economic operators if they meet specific requirements.

Economic operators can apply for an AEO status either to have easier access to customs simplifications or to be in a more favourable position to comply with the new security requirements. Under the security framework, which has been applicable since 1 July 2009, economic operators have to submit pre-arrival and pre-departure information on goods entering or leaving the EU. The security type of AEO certificate and the combined one allow their holders to benefit from facilitations with regard to the new customs controls relating to security.