Compliance

HIPAA, PCI, GDPR, HITRUST, NIST, SOC 2, NYDFS Compliance Articles

Learn about HIPAA compliance, PCI compliance, GDPR compliance, HITRUST certification, NIST compliance, SOC 2 reporting, NYDFS compliance.

Our compliance experts tell you what you should know about your first HIPAA risk assessment, where to start with PCI compliance, how state law is improving consumer privacy, and more.


13 Mar 2019

The Changing State of Consumer Privacy

Consumer Privacy Laws With data breaches on the rise, many new data protection regulations have been enacted. The European Union’s (EU) General Data Protection Regulation (GDPR) is the first and most well-known of these. This opened a floodgate of action in the US. Several new or bolstered laws have gone into effect in the United States to protect the privacy of its citizens. GDPR Explained...



06 Mar 2019

Are You Ready for a ROC?

We recently answered the question, “How do I know if I have to be PCI compliant?”. That post is a good way for those new to the Payment Card Industry (PCI) world to learn some of the basics. Now, are you ready for a ROC? In this second installment of our three-part PCI compliance series, we will go more in depth to explain the PCI Report...



20 Feb 2019

How Do I Know If I Have to Be PCI Compliant?

Payment Card Industry compliance is intended to make credit and debit card transactions more secure and to protect cardholders against misuse of their personal information. This article explains who must be PCI compliant, the levels of compliance, the role of PCI experts, and the types of reporting that must be completed. What is the PCI DSS Standard? The PCI Data Security Standard (PCI DSS) is a...



16 Jan 2019

Should I Go Through HITRUST Certification Even If It’s Not Required?

The HITRUST CSF is a set of security controls designed to help organizations that work with sensitive healthcare data become more secure. Since HITRUST is gaining traction, many organizational decision makers are asking the question, “Should my company go through HITRUST certification even though we’re not required to do so?”. This article explores what it means to be HITRUST certified and the benefits of...



02 Jan 2019

What You Need to Know About HIPAA Risk Assessments

The Health Insurance Portability and Accountability Act (HIPAA) describes how organizations that store, process, maintain, or transmit Personal Health Information (PHI) must handle this sensitive information. HIPAA comprises the Privacy Rule, the Security Rule, and the Breach Notification Rule, which collectively mandate how patient privacy should be ensured and how sensitive health data should be protected. One component of HIPAA is the...



05 Nov 2018

The Importance of Configuration Standards for Regulatory Compliance

Developing and implementing strong configuration standards for regulatory compliance is an important aspect of an organization’s cybersecurity strategy. Privacy regulations commonly require configuration standards. Therefore, knowing how to create strong ones is an important part of achieving and maintaining regulatory compliance for frameworks such as HIPAA/HITECH, PCI DSS, and NIST. What Are Regulatory Compliance Configuration Standards? All technology comes with a default configuration and, in...



10 Oct 2018

Does HIPAA Apply to Me?

Over the course of Sword & Shield’s years of HIPAA compliance consulting, we have been asked many times, “Does HIPAA apply to me?” In this post, we describe how your organization can determine whether or not you are required to be compliant with the HIPAA regulations for privacy and security of protected health information (PHI). Introduction to HIPAA The Health Insurance Portability and Accountability Act (HIPAA)...



10 Sep 2018

New PCI SSC Payment Security Tool Helps Small Merchants

The Verizon Data Breach Investigations Report found that small businesses made up 61% of the organizations surveyed. These highly targeted businesses often do not have the technical expertise on staff necessary to effectively thwart or manage security attacks. PCI Payment Security Tool Purpose To assist small merchants in fighting cyber crime, the PCI Security Standards Council (PCI SSC) recently announced the launch of the PCI Data...



23 Aug 2018

Making PCI DSS Business as Usual

Learn how to achieve PCI DSS Business as Usual as part of your compliance. The PCI DSS standards are designed to ensure that companies processing, transmitting or storing customer credit card information are protecting it appropriately. The process for becoming PCI certified includes passing a yearly audit where security controls are evaluated, meaning that the minimum requirement for certification is ensuring that systems are compliant at...



31 Jul 2018

Lessons Learned from the MD Anderson Breaches

The MD Anderson Cancer Center at the University of Texas was recently fined $4.3 million by the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) concerning data breaches that resulted in the loss of the health information of 33,500 patients. In this article, we called on one of our healthcare experts, Security Consultant Jeremy Bess, to explain what lessons can...

