SEC345_nonTechJournal - ConnorEast/Tech-Journal GitHub Wiki
HIPAA - Health Insurance Portability and Accountability Act - Public Law (104-191)
Why did it come about:
HIPAA came about in 1996 because, before it, there was no standard for protecting health information. It protects that information by requiring health care professionals not to let protected health information (PHI) leave the premises except under a few permitted circumstances.
Who is responsible:
Those held responsible for PHI leaving the premises are healthcare providers, healthcare clearinghouses, business associates, and similar entities. All forms of health plans are covered as well.
How does it work:
HIPAA consists of a privacy rule as well as a security rule. The privacy rule essentially states how data must be stored, how the data must be used, and how it can promote high-quality healthcare. The security rule requires organizations to ensure the CIA triad (confidentiality, integrity, availability) of all ePHI, detect and protect against anticipated threats to ePHI, protect against unauthorized use of ePHI, and finally certify compliance.
Permitted use of PHI:
Disclosure to the individual, payment/healthcare operations, consent, limited data set usage, public interest.
Enforcement:
Civil - HHS fine of $100 per failure, up to $25,000.
Criminal - HHS fines of $50,000, $100,000, or $250,000, with respectively 1, 5, or 10 years in jail.
Benefits:
Increases data safety
Drawbacks:
Makes people's jobs more difficult.
GLBA/SOX - Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley Act (SOX)
Why did it come about:
The GLBA/SOX law was passed on November 12, 1999. Its main purpose was to let individuals keep their savings at the same organization they invest with, the reasoning being that this lets people remain financially stable in both good and bad economic conditions.
Who is responsible:
Everyone who works in finance is responsible, be they accountants, banks, payday lenders, nonbank lenders, or even debt collectors.
How does it work:
The regulations put in place have the purpose of safeguarding sensitive information, ensuring data privacy, maintaining regulatory compliance, and mitigating the risks associated with cyber threats and breaches. Essentially, banks need to be transparent.
Benefits:
Helps prevent the spread of malware, allows individuals to opt out of information sharing, and improves corporate security practice through training.
Drawbacks:
It gives corporate staff a lot of headaches. This could be a benefit to some.
PCI - Payment Card Industry Compliance
Why did it come about:
Due to a rise in credit card fraud in the 1990s, banks realized they had to implement policies. However, the policies heavily confused merchants, so the banks created a team to set out specific requirements. This team created the first version of the PCI DSS (Payment Card Industry Data Security Standard) on December 15th, 2004.
Who is responsible:
Anyone and anything that allows for point-of-sale transactions. It covers merchants, processors, acquirers, issuers, and service providers.
How does it work:
Cardholder data must be encrypted as long as it is being transmitted over a private network. Organizations must have firewalls and segregation of PCD from other network traffic. Systems must be kept up to date. Organizations must allow for monitoring and logging in order to confirm the system has not been compromised. Companies must use least privilege. Essentially, everything must be audited.
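The segregation requirement above is the one that is easiest to get wrong silently: a single stray firewall rule lets a non-cardholder segment reach the cardholder data environment (CDE) while everything still "works". The following is an added example, not code from the wiki page or from the PCI Security Standards Council: it parses a small first-match firewall rule list and reports every (segment, port) pair from which a non-CDE segment can reach a CDE host outside the intended allow-list. The segment names, addresses, ports and rules are constructed for the example and do not describe any real network.

```python
"""Added example (not from the wiki page): check that firewall rules keep the
cardholder data environment (CDE) segregated from every other network segment.
All addresses, segment names and rules below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from itertools import product
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int]              # None matches any destination port


def parse_rules(text: str) -> list:
    """Parse 'action src dst port' lines; '#' starts a comment, 'any' means any port."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        action, src, dst, port = line.split()
        if action not in ("allow", "deny"):
            raise ValueError(f"bad action in rule: {raw!r}")
        rules.append(Rule(action, ipaddress.ip_network(src), ipaddress.ip_network(dst),
                          None if port == "any" else int(port)))
    return rules


def is_allowed(rules: list, src_ip, dst_ip, port: int) -> bool:
    """First matching rule wins; no match at all means deny (default-deny posture)."""
    src = ipaddress.ip_address(src_ip) if isinstance(src_ip, str) else src_ip
    dst = ipaddress.ip_address(dst_ip) if isinstance(dst_ip, str) else dst_ip
    for r in rules:
        if src in r.src and dst in r.dst and r.port in (None, port):
            return r.action == "allow"
    return False


def segmentation_findings(rules: list, cde, segments: dict, ports, intended: set) -> list:
    """Return sorted (segment, port) pairs where some host of a non-CDE segment can reach
    some CDE host on that port and the flow is not on the intended allow-list."""
    found = set()
    for name, net in segments.items():
        for port in ports:
            if (name, port) in intended:
                continue            # documented, approved flow into the CDE
            if any(is_allowed(rules, s, d, port)
                   for s, d in product(net.hosts(), cde.hosts())):
                found.add((name, port))
    return sorted(found)


# Constructed inventory for the example (hypothetical network, small /29s so every host is checked)
CDE = ipaddress.ip_network("10.9.0.0/29")
SEGMENTS = {
    "pos": ipaddress.ip_network("10.1.0.0/29"),      # point-of-sale terminals
    "guest": ipaddress.ip_network("10.2.0.0/29"),    # guest Wi-Fi
    "office": ipaddress.ip_network("10.3.0.0/29"),   # back-office workstations
}
PORTS = (443, 3306, 22)
INTENDED = {("pos", 443)}   # the only flow into the CDE that the design permits

# Constructed rule set: the second line is the misconfiguration the check should flag
RULES = parse_rules("""
allow 10.1.0.0/29 10.9.0.0/29 443    # POS terminals -> CDE payment gateway over TLS (intended)
allow 10.2.0.0/29 10.9.0.0/29 3306   # guest Wi-Fi -> CDE database (not intended)
deny  10.0.0.0/8  10.9.0.0/29 any    # everything else in the corporate range is blocked from the CDE
""")

if __name__ == "__main__":
    for seg, port in segmentation_findings(RULES, CDE, SEGMENTS, PORTS, INTENDED):
        print(f"FINDING: segment '{seg}' can reach the CDE on port {port}")
```

Run as written it reports one finding, the guest segment reaching the CDE on port 3306; the approved POS-to-gateway flow is skipped because it is on the intended list. The evaluator uses first-match semantics with an implicit deny, so a rule ordered after a broad deny is shadowed and never produces a finding, which is exactly the case where an auditor should compare this output against the vendor's own rule-order behaviour rather than trust either alone.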
Benefits:
It enhances the security of payment card transactions and decreases theft and fraud. It helps maintain the integrity of the payment card industry.
Drawbacks:
Complexity and cost, resource-intensive nature, and complexity of compliance.