Computerware Blog

Protecting your clients’ and employees’ personal and financial data has to be a consideration for every single business. Not only do you have a responsibility to protect this data, you also may have to do so to remain in compliance with regulations mandated by governments, industry organizations, and even your own business. With data privacy becoming a growing concern, we thought it would be useful to discuss the basics of compliance a bit in this month’s newsletter. 

Regulations are put on certain data constructs for a reason: the data within is sensitive. Today, there are seemingly more regulations than ever, and as the GDPR kicks in for organizations that deal with EU-based organizations, we thought it would be a good time to talk about how to navigate these highly-regulated environments to ensure success and security.

Compliance can be difficult for some businesses. They might know that it’s a necessity--and may even know what they have to do--but they just have trouble implementing practices that are designed to guarantee the meet their regulatory responsibilities. HIPAA and HITECH compliance laws in particular are difficult to navigate, and the results of failing to adhere to them can be dire.

Data loss, on any scale, is an organizational nightmare. Not only do you have to restore data, any lost productivity that comes as a result of the data loss incident makes it difficult on the budget. That’s only scratching of the surface of how serious data loss can be.

Technology is being deployed to help businesses of all kinds, including medical offices and other health-related facilities. By taking advantage of electronic medical records (EMR), organizations are capable of better managing their files in previously unprecedented ways. Unfortunately, even by eliminating the majority of physical records, this presents another problem that comes from digital environments: hackers and regulatory compliance laws.

Offices that fail to adapt to these changes in specific industries could be the target of compliance fines, which are more than capable of breaking budgets and hindering growth. If your office doesn’t take measures to ensure that all regulatory compliance laws are adhered to, your organization could be subject to fines that range anywhere between $100 and $50,000 per record. Your business literally cannot afford to pay for something that’s entirely preventable.

To help your business ensure compliance with regulatory laws like HIPAA, HITECH, and PCI, we’re going to go over them in detail and tell you what you need to know.

HIPAA
HIPAA, or the Health Insurance Portability and Accountability Act of 1996, is a series of compliance regulations used to enforce the privacy of electronic medical records. HIPAA covers the medical staff, patients, and employees of all healthcare-related organizations, including health insurance providers. To put it in layman’s terms, HIPAA gives patients the right to know how their electronic medical records are stored and used, and to make sure that health records and financial information are being stored according to HIPAA’s security specifications.

HITECH
The Health Information Technology for Economic and Clinical Health Act was part of a 2009 initiative to encourage medical practices to adopt new technology solutions that can improve their operations. HITECH looks at part of how HIPAA handles user privacy, stating that organizations covered by HIPAA need to report data breaches of 500+ affected users to the United States Department of Health and Human Services, the media, and to those who were affected. Additionally, HITECH alters the way that organizations handle the disclosure of electronic medical records, and how this information can be used throughout the caregiving process.

PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards that are required to be met before an organization can implement major card-scanning technology systems. This is especially important, as credit card information is one of the most targeted pieces of data that a hacker will try to get their hands on. It doesn’t matter which industry you fall into; if you accept credit or debit card payments, you need to be PCI compliant. Some examples of required protocol include maintaining a firewall that protects cardholder data, restricting access to card numbers on a “need-to-know” basis, and tracking and monitoring network resources, including what accesses cardholder data.

Understanding compliance regulation isn’t something that comes naturally for everyone, but we want to help you better decipher laws that your organization might be subject to. For more information about HIPAA, HITECH, or PCI, give us a call at (703) 821-8200.