Compliance

The Patient and the Painter

There are two analogies I use more than any other when it comes to educating people about compliance and management, specifically risk management as it relates to regulation, business processes and best practices. I have worked in compliance for over 10 years and in information technology (IT) for 15, and in my experience, they...

9 Reasons Why Backing Up Cloud Services are Critical

"Insert Company Here" is Not Responsible for Your Data: While Microsoft, Google, or AWS might be responsible for keeping the cloud infrastructure services available (which makes sense), you are accountable for protecting your data which is hosted by those services. With Microsoft, this is commonly known as the Office 365 Shared Responsibility Model, which...

Risk vs Reward: Weighing the Pros and Cons of HIPAA Compliance

HIPAA is an important part of healthcare today because it ensures the implementation of safeguards to protect sensitive personal and health information. Clients, customers, and patients are trusting you with their most precious information: their identity and health information. How are you earning trust? How are you protecting it? During this article, we try...

Why You Need a HIPAA IT Strategy

HIPAA Compliance for your IT systems is not optional. The choice of what medical treatment we receive is a respected human right. The right to privacy and control for our health care is an established American value. The Health Insurance Portability and Accountability Act of 1996, commonly referred to as HIPAA, set out the legal...

Does PCI DSS Apply to me?

What are the 12 requirements of PCI?

1. Protect your system with firewalls
2. Configure passwords and settings
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Use and regularly update anti-virus software
6. Regularly update and patch systems
7. Restrict access to cardholder data to business need to know
8. Assign a unique ID to each person with computer access
9. Restrict physical access...