No matter what industry you’re in, an abundance of compliance acronyms fills your days with both confusion and regulation. We call it compliance alphabet soup. It’s time to make a little bit more sense of all those acronyms and what they mean for your business.
GDPR (General Data Protection Regulation)
We see the effects of this European law state-side because it requires businesses that interact with EU citizens to comply, regardless of location. GDPR aims to create greater data privacy and protection from breaches for all individuals and businesses. If there is a possibility that someone from the EU will be doing business with you, make sure that you comply with GDPR regulations. We’ll cover GDPR in greater detail in our next blog.
HIPAA (Health Insurance Portability and Accountability Act of 1996)
While this law has been on the books since 1996, many medical practices still are not HIPAA compliant. They think they are too small to be flagged despite HIPAA breach enforcement increasing and fines growing. $16 million marks the largest fine currently on record. For small companies that risk it, even those violations run about six-figures or more.
Even if you aren’t directly in the medical industry, pay attention! Any organization that works with a medical practice is responsible for HIPAA compliance through business associate agreements. These agreements apply to IT companies, law practices, accounting firms, and others that might have access to patient data. You need to have specific HIPAA-compliance, a breach response, and data recovery plans in place.
HITECH (Health Information Technology and Clinical Health Act)
HITECH entered the picture in 2009 and brought teeth to HIPAA violations. This law covers the electronic transmission of health information. In its best form, it’s meant to improve patient care through better doctor coordination, better sharing of information, and strong data security of electronic health records. In practice, all those privacy forms that you sign when you go to the doctor really do have an important purpose.
I-9 (Employment Eligibility Verification)
New hires must fill out this form within three days of employment to verify that they are eligible to work in the US. This is just one piece of paper in the sea of new hire paperwork, but don’t overlook it. Even if you’ve been correctly using the I-9 form for years, review again and check for form updates. Sometimes every employee must update their I-9 information and verification documents to remain compliant.
PCI DSS (Payment Card Industry Data Security Standard)
Do you collect credit card information within your business? Any payment data collected and stored must be PCI compliant. To ensure compliance:
Employ strong security standards such as firewalls, anti-virus protection, and regular updates that protect your network as a whole
Encrypt all credit card information transmitted across open networks
Maintain strong data access controls to ensure that rogue people don’t gain access to your information
These are only a few of the compliance acronyms you may deal with in your daily work. Don’t get lost in compliance alphabet soup. A quality IT firm like us can help you comply with the vast majority of these. We’re able to put a clear plan in place to ensure your firm is safe, overall.
Welcome to ATECHSO's website. To provide the best experience, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Compliance Alphabet Soup
No matter what industry you’re in, an abundance of compliance acronyms fills your days with both confusion and regulation. We call it compliance alphabet soup. It’s time to make a little bit more sense of all those acronyms and what they mean for your business.
GDPR (General Data Protection Regulation)
We see the effects of this European law state-side because it requires businesses that interact with EU citizens to comply, regardless of location. GDPR aims to create greater data privacy and protection from breaches for all individuals and businesses. If there is a possibility that someone from the EU will be doing business with you, make sure that you comply with GDPR regulations. We’ll cover GDPR in greater detail in our next blog.
HIPAA (Health Insurance Portability and Accountability Act of 1996)
While this law has been on the books since 1996, many medical practices still are not HIPAA compliant. They think they are too small to be flagged despite HIPAA breach enforcement increasing and fines growing. $16 million marks the largest fine currently on record. For small companies that risk it, even those violations run about six-figures or more.
Even if you aren’t directly in the medical industry, pay attention! Any organization that works with a medical practice is responsible for HIPAA compliance through business associate agreements. These agreements apply to IT companies, law practices, accounting firms, and others that might have access to patient data. You need to have specific HIPAA-compliance, a breach response, and data recovery plans in place.
HITECH (Health Information Technology and Clinical Health Act)
HITECH entered the picture in 2009 and brought teeth to HIPAA violations. This law covers the electronic transmission of health information. In its best form, it’s meant to improve patient care through better doctor coordination, better sharing of information, and strong data security of electronic health records. In practice, all those privacy forms that you sign when you go to the doctor really do have an important purpose.
I-9 (Employment Eligibility Verification)
New hires must fill out this form within three days of employment to verify that they are eligible to work in the US. This is just one piece of paper in the sea of new hire paperwork, but don’t overlook it. Even if you’ve been correctly using the I-9 form for years, review again and check for form updates. Sometimes every employee must update their I-9 information and verification documents to remain compliant.
PCI DSS (Payment Card Industry Data Security Standard)
Do you collect credit card information within your business? Any payment data collected and stored must be PCI compliant. To ensure compliance:
These are only a few of the compliance acronyms you may deal with in your daily work. Don’t get lost in compliance alphabet soup. A quality IT firm like us can help you comply with the vast majority of these. We’re able to put a clear plan in place to ensure your firm is safe, overall.
Categories
Latest Posts
Tags
Recent Comments