This is a quick guide to the Health Insurance Portability and Accountability Act (HIPAA) and how you can become HIPAA compliant. We will take you through a short definition of HIPAA compliance, as well as go through the data security related fundamentals of this compliance requirement. What is HIPAA Compliance? So, the first thing you might be asking yourself is; what is HIPAA compliance? The Health Insurance Portability and Accountability … Read more
Protected Health Information (PHI) is any data that is handled by a health care service provider, whether a Covered Entity (CE) or Business Associate (BA), that relates to the physical or mental health of an individual in some way. Any US organization that handles PHI is required to comply with HIPAA (Health Insurance Portability and Accountability Act of 1996). Below are some tips to help organizations achieve compliance with HIPAA … Read more
Three Major Ways the Compliance Landscape Will Evolve in 2019
01.04.2019, Compliance, by
Philip Robinson.
Now that most of us are back to work as normal and have just about got over the New Year’s Eve hangover, it’s time to take a look at everyone’s favourite topic; compliance! All jokes aside, the compliance landscape is looking particularly interesting heading in to 2019, and organizations of all shapes and sizes will have to pay attention if they want to avoid being demonized by the press and … Read more
Compliance mandates are (intentionally) stringent and difficult to meet. The reasons behind this are to force organizations to apply the strictest data security policies to ensure that customer data is secure. The Healthcare Insurance Portability and Accountability Act (HIPAA) is no exception to this rule. In many ways, due to the evolving use of technology in the healthcare industry, HIPAA compliance is becoming harder to meet. The advent of wearable … Read more
The GDPR, which came into effect on May this year, has been off to a slow start, it would seem. As it stands, the largest fine issued by the Information Commissioner’s Office (ICO) was £500,000. Although Facebook came under a lot of fire over the data breach where Cambridge Analytica scraped the personal information of more than 50 million Facebook users, this happened before the GDPR came into effect. Even … Read more
Microsoft have secretly been collecting data on how people in the EU are using their Office products and sending it over to servers in the USA for storing, according to a report by the Dutch government. Even those with a rudimentary understanding of the GDPR can see that this is a fragrant breach of the regulations and could potentially lead to huge, multi-million-dollar fines. Basically, Microsoft were collecting diagnostic data … Read more
It’s been almost five months since the GDPR was enforced and, on the face of it, the world took notice and realized the importance of compliance. Regulatory bodies and governments even began to make their own data protection regulations tighter in line with the new requirements, such as the UK government did with the Data Protection Act. With the GDPR, in effect, up and running, you would expect data security … Read more
Is Your Data Access Governance Program Fit for GDPR Compliance?
08.24.2018, Compliance, by Philip Robinson.
Regardless of whether we are talking about GDPR, HIPAA, PCI-DSS or any other data protection regulation, they all require some form of data access governance program. A DAG program is required to ensure that organizations know what data they store, and the reasons why they are storing it. They are required to know where their sensitive data is located, who has access to it, and the type of access they … Read more
Complying with regulations is often perceived as a burdensome and costly endeavour. And in many ways, it is. But there are a number of reasons why complying with PCI-DSS can be a valuable asset to your business. Before we dive into the benefits, it is important to go through some of the basic PCI-DSS requirements. The requirements mandate companies to; install and maintain a firewall, not use any defaults passwords, … Read more
Dixons Carphone: Lessons from the First High Profile GDPR Data Breach
06.19.2018, Compliance, by Philip Robinson.
So, it hasn’t been long since the introduction of GPDR, and we’ve already seen the first high profile breach of the new data protection laws with Dixons Carphone. The multi-billion-dollar organization revealed that they suffered a cyber-security breach that involved the personal data of over a million customer records. The data included personally identifiable information (PII), including names, addresses and email addresses. The breach also related to PCI compliance as … Read more
