Data Security & Compliance Blog

The Texas Medical Records Privacy Act (TMRPA), or the “Texas privacy act”, came into effect on September 1, 2019. The Texas privacy act is said to be similar to the Health Insurance Portability and Accountability Act (HIPAA), in that it was introduced to safeguard Protected Health Information (PHI), which relates to the “past, present or future health of an individual; the provision of healthcare to an individual; or the payment … Read more

The California Privacy Rights Act (CPRA) is a data privacy law that is designed to enhance the existing CCPA (California Consumer Privacy Act). The CPRA will come into effect on January 1, 2023, and applies to any business that collects personal information belonging to Californian residents. The CPRA also applies to businesses that buy, sell or share the personal information of 100,000 or more consumers or households in a year, … Read more

The Information Transparency and Personal Data Control Act (ITPDCA) was introduced on March 10, 2021, and has been hailed as “the first piece of comprehensive privacy legislation introduced in the 117th U.S. Congress.” Many see the ITPDCA as a step towards a new US data privacy environment. The purpose of the bill was to “establish a uniform set of rights for consumers and create one set of rules for businesses … Read more

One of the key differences between the GDPR, launched in May 2018, and the original Data Protection Directive (DPD) which was enacted in 1995, was the introduction of two specific roles: data controllers and data processors – both of whom have unique legal obligations. The reason why these roles were introduced was to close a loophole that allowed covered entities to essentially “pass the buck” when it came to safeguarding … Read more

The EU General Data Protection Regulation (GDPR), which came into effect on 25th May 2018, was introduced to give EU citizens more control over how their personal data is collected, stored, and used. The regulation places a lot of emphasis on consent and ensures that consumers have the right to access, move, modify and remove their personal data, upon request. They also have the right to deny companies the right … Read more

As we know, healthcare providers store large quantities of patient information, and this information can be very valuable. As a result, the healthcare industry is relentlessly targeted by cyber-criminals. In response to this problem, the United States Government introduced a federal statute called The Health Insurance Portability and Accountability Act of 1996 (HIPAA), which stipulates how healthcare service providers handle protected patient information. A failure to comply with HIPAA can … Read more

HITECH compliance stands for the Health Information Technology for Economic and Clinical Health Act. It was signed into law in 2009 in the USA as a part of the American Recovery and Reinvestment Act (ARRA). What is HITECH Compliance? The purpose of the HITECH Act was to encourage more healthcare providers in the USA to make proper use of electronic health records (EHR), whilst doing so in a responsible and … Read more

The Children’s Online Privacy Protection Act (COPPA) came into effect on April 21, 2000, and was officially amended on July 1, 2013. What is the Children’s’ Online Privacy Protection Act? The purpose of COPPA is to give parents more control over what information is collected from children, and about children, under the age of 13. COPPA applies to organizations that offer online services, including websites, apps and IoT devices (such … Read more

The Virginia Consumer Data Protection Act (VCDPA) was signed into law on March 2, 2021 and will take effect on January 1, 2023. What is the Virginia Consumer Data Protection Act? The VCDPA is said to be a simplified version of the Washington Privacy Act, and also shares many similarities with the California Consumer Privacy Act (CCPA). The purpose of the VCDPA is to give elevated rights to Virginia consumers … Read more

As Governments across the globe continue to introduce new, or revamp their existing data privacy regulations, having a compliance management solution in place is no longer optional for most enterprises. Before we continue, let’s first draw a distinction between a compliance management system (CMS) and a compliance management solution. A CMS is a collection of policies, procedures, and processes, which includes written documents, functions, processes, controls, and tools, all of … Read more