Compliance


Learn about HIPAA compliance, PCI compliance, GDPR compliance, HITRUST certification, EI3PA compliance, SOC 2 reporting, NYDFS compliance and more.


05 Nov 2018

The Importance of Configuration Standards for Regulatory Compliance

Developing and implementing strong configuration standards is an important part of an organization’s cybersecurity strategy, and privacy and security regulations commonly require them. Knowing how to create strong ones is therefore an important part of achieving and maintaining compliance with regulations and frameworks such as HIPAA/HITECH, PCI DSS, and the NIST standards. What Are Regulatory Compliance Configuration Standards? All technology comes with a default configuration and, in...



10 Oct 2018

Does HIPAA Apply to Me?

Over the course of Sword & Shield’s years of HIPAA compliance consulting, we have been asked many times, “Does HIPAA apply to me?” In this post, we describe how your organization can determine whether or not you are required to be compliant with the HIPAA regulations for privacy and security of protected health information (PHI). Introduction to HIPAA The Health Insurance Portability and Accountability Act (HIPAA)...



10 Sep 2018

New PCI SSC Payment Security Tool Helps Small Merchants

The Verizon Data Breach Investigations Report found that small businesses made up 61% of the breach victims it analyzed. These highly targeted businesses often do not have the technical expertise on staff to effectively prevent or manage attacks. PCI Payment Security Tool Purpose To assist small merchants in fighting cybercrime, the PCI Security Standards Council (PCI SSC) recently announced the launch of the PCI Data Security...



23 Aug 2018

Making PCI DSS Business as Usual

Learn how to make PCI DSS compliance business as usual. PCI DSS is designed to ensure that companies that process, transmit or store customer credit card data protect it appropriately. Validating PCI DSS compliance includes passing a yearly assessment in which security controls are evaluated, meaning that the minimum requirement is ensuring that systems are compliant at...



31 Jul 2018

Lessons Learned from the MD Anderson Breaches

The MD Anderson Cancer Center at the University of Texas was recently fined $4.3 million by the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) concerning data breaches that resulted in the loss of the health information of 33,500 patients. In this article, we called on one of our healthcare experts, Security Consultant Jeremy Bess, to explain what lessons can...



19 Jun 2018

HITRUST Introduction: Getting Started

Sword & Shield offers this HITRUST introduction to take some of the mystery out of this comprehensive compliance tool and to explain what you need to know in order to get started with HITRUST compliance. Let’s start with the basics: What is HITRUST? The Health Information Trust Alliance (HITRUST) is a United States company that has partnered with leaders in the healthcare, technology, and information security...



05 Jun 2018

Ensuring GDPR Compliance for Your Enterprise

The European Union’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018. If your company processes the personal data of individuals in the EU, wherever your company is located, its privacy processes and procedures must comply with GDPR requirements. This article discusses the new framework and ensuring GDPR compliance within your organization. What is the GDPR? The GDPR is concerned with data privacy and contains a number of new requirements for businesses. Failure...



09 May 2018

Complying with HIPAA encryption standards: what you need to know

By Jeremy Watson Have you encrypted your electronic protected health information (ePHI) at rest (held in persistent storage) and in transit (flowing from one point to another, whether over the internet or a private network)? If so, you’re compliant with the HIPAA encryption standard and, therefore, covered by the Safe Harbor Rule in case of a breach. This means you’re...



11 Apr 2018

Understanding HIPAA Today

Look back at how the healthcare privacy and security standard has grown to understand where we are today. By Chris Lyons When the Health Insurance Portability and Accountability Act (HIPAA) was signed into law in August of 1996, the intent was to give employees a better way to retain healthcare coverage between jobs, to combat waste and fraud in healthcare, and...



03 Apr 2018

Cybersecurity Spring Cleaning: Critical Data Scans

By Bowe Hoy Protecting your organization’s critical data requires knowing where it is. Have you ever lost something in your house despite spending hours looking “everywhere” for it? Or stumbled upon a cache of items you forgot you had? This probably motivated you to do some major cleaning; sorting, organizing and disposing of stuff to know where the important items are located and easily get...

