Non.TechJournal 11.1 - jwells24/Tech-Journal GitHub Wiki

Assignment 11.1 - Tech Journal

  • This page covers a range of topics over the last couple weeks, including HIPAA, PCI-DSS, GLBA, SOX, and other general data protection regulations.

HIPAA

  • The Health Insurance Portability and Accountability Act (HIPAA) is designed to protect the privacy and security of health information. There are three main rules to HIPAA: the Privacy Rule, the Security Rule, and the Breach Notification Rule.

  • The Privacy Rule is put in place to protect PHI (Protected Health Information) and sets the conditions under which covered entities such as health care providers and insurers may use and share PHI. Another important part of the Privacy Rule is that it preserves the patient's right to examine and obtain a copy of their own PHI.

  • The Security Rule of HIPAA covers the safeguarding of electronic PHI (ePHI). This involves implementing administrative safeguards (workforce training and compliance, risk analysis, and identification and protection against threats), physical safeguards, and technical safeguards, so that ePHI is kept confidential, intact, and available according to confidentiality, integrity, and availability (CIA) guidelines.

  • Lastly, the Breach Notification Rule of HIPAA is put in place to ensure organizations notify people when a breach involving PHI occurs. Covered entities affected by a breach of unsecured PHI are required to notify the affected individuals of what information was accessed and what the breach was, and to report the breach to the U.S. Department of Health and Human Services (HHS).

PCI-DSS

  • PCI-DSS (Payment Card Industry Data Security Standard) is a data protection standard designed to protect cardholder data. Unlike HIPAA, GLBA, and SOX it is not a law; it is an industry standard maintained by the PCI Security Standards Council and enforced through contracts with the card brands. PCI-DSS was put in place to provide security requirements, including network security controls and regular security assessments, to better protect credit card information stored, processed, or transmitted by merchants. I did my presentation on PCI-DSS standards, and a lot of good information can be found in my presentation, which is linked below.

  • PCI-DSS Presentation: Here

GLBA & SOX

  • The Gramm-Leach-Bliley Act (GLBA) and the Sarbanes-Oxley Act (SOX) are both United States laws regarding the financial sector. GLBA applies to financial institutions (banks, insurance companies, and other firms that hold consumers' financial records), while SOX applies to publicly traded companies and focuses on the accuracy of their financial reporting.

  • GLBA involves a number of requirements designed to protect financial records, including privacy notices that inform customers when and with whom their financial information is shared with third parties. GLBA also requires financial institutions to create a written information security program (the Safeguards Rule) for practicing good security when it comes to protecting all of the financial information they deal with.

  • SOX has similar goals to GLBA, including requiring stronger controls over the systems that hold and produce financial information within publicly traded companies. SOX also focuses on imposing larger fines and criminal penalties for executive and company malfeasance, such as certifying false financial statements, as well as on company transparency to benefit investors and the public who rely on the company's financial reports.