States Step Up, Above and Beyond, Compliance

Earlier this month, a blog post from our very own Garry McCracken discussed how meeting industry-specific compliance regulations can interrupt a company’s security strategy.

“Compliance does not necessarily mean data security, but a focus on security in terms of risk, confidentiality, integrity and availability is likely to cover a lot of compliance. A security-led approach is better than a ‘check list’ compliance approach. This applies not only to the payment card industry but to all sectors including government, health, education, etc.” –Garry McCracken, CISSP, Vice President, Technology.

An interesting ongoing trend in the healthcare sector is that state legislatures are taking security standards into their own hands following devastating breaches. Earlier this year, New Jersey passed a bill requiring health insurance companies in the state to use data encryption, following the theft of two unencrypted laptops that caused the Blue Horizon, Blue Cross, Blue Shield breach in 2014. After the recent attack on the locally based Anthem, Connecticut aims to follow suit.

While we hope that it won’t take a major breach in every state to push this initiative nationwide, it is certainly reassuring to see state governments recognize that compliance standards like HIPAA are outdated. Earlier this week, the U.S. Office for Civil Rights announced that healthcare providers must undergo an in-depth HIPAA compliance standards audit; unfortunately, any approvals for the proposed changes will take even longer than it does to pass a bill through a state government!

If your state hasn’t hopped on board yet, it is worth looking into the laws that exist in Nevada, Massachusetts and New Jersey that exceed compliance with specific attention to encryption. For more information on security best practices for healthcare companies, check out the WinMagic eBook, “Healthcare Providers and Patient Data Security.”

 
