For over 15 years, HIPAA has regulated ePHI (electronic protected health information) held by healthcare providers, insurance providers, and medical clearinghouses.
In 2009, the HITECH Act extended the reach of these laws. With the passage of the final HIPAA Omnibus Rule of 2012, compliance is required of these covered entities and of their vendors (business associates). Failure to comply can lead to criminal and civil penalties for covered entities and business associates alike.
IT Risk Assessments - the first step to HIPAA security.
- Governance, risk, and compliance tool implementation assistance
- HIPAA security, privacy, and breach policy implementation assistance
- Development of IT security policies and procedures
- Development of IT continuity and disaster recovery plans
- Ongoing IT security monitoring
- Payment Card Industry (PCI) assessments
PCI regulations provide guidelines that ensure organizations store cardholder data securely and monitor it continuously. To ensure a business keeps meeting PCI standards and can withstand the latest cyberattacks, its security controls must be assessed and strengthened regularly.
PCI assessments include discovering where cardholder information resides, inventorying the technology assets and processes involved in payment card processing, and analyzing vulnerabilities. Businesses that fail to comply can be fined up to $100,000 per month.
Learn the PCI compliance facts for small businesses in our 3 Steps to Reliable PCI Compliance article.
In effect since May 25, 2018, the GDPR regulates data processing, security, data access, privacy, and breach notification for businesses dealing with the EU.
To ensure GDPR compliance, it is imperative to conduct regular assessments such as a gap analysis, a data protection impact assessment (DPIA), and a policy framework review. Non-compliance with the GDPR can result in fines in the millions of dollars or 4% of annual turnover.