HIPAA Security Rule for dummies

HIPAA (Health Insurance Portability and Accountability Act) is a 1996 federal law that seeks to protect the medical information of patients. To achieve this, it lays down certain compliance requirements for covered entities. In the context of HIPAA, covered entities are organizations on which HIPAA is applicable. Under Title II of this act, the US … Continued

HIPAA Compliance for AWS-hosted SaaS

Amazon Web Services (AWS) is a leading cloud service provider. If you are a software-as-a-service (SaaS) provider, you may use one or more AWS services. If you work in the healthcare industry, or your clients are covered entities that process, maintain, and store protected health information (PHI), HIPAA compliance becomes a necessity … Continued

HITRUST Compliance for Dummies

HITRUST stands for the Health Information Trust Alliance. This alliance has defined and established a CSF (Common Security Framework). The framework can be used by organizations that access, store, create, or exchange either regulated or sensitive data. It contains a set of prescriptive controls that harmonize the requirements of many standards and regulations in one place. Background Story … Continued

PCI DSS Compliance for SaaS Companies – An Overview

An increasing number of Software-as-a-Service (SaaS) providers are now involved in the transmission and storage of cardholder data. Even if they do not actually process the data, the mere act of storing and transmitting it brings such SaaS providers within the scope of PCI DSS compliance. In this article, we explore what PCI DSS compliance means for … Continued

HIPAA and Penetration Testing – Part I

HIPAA stands for the Health Information Portability and Accountability Act of 1996, and it was enacted by the US Congress and signed by the then President Bill Clinton in the same year. The primary motives of this legislation include: regulating and modernizing the flow of healthcare information of individuals; stipulating how PII (personally identifiable information) maintained … Continued

HIPAA Compliance on AWS – Cheatsheet

The Health Insurance Portability and Accountability Act of 1996, commonly called HIPAA, deals with the privacy and security of medical data in the United States. In order to handle the protected health information (PHI) of an individual, a covered entity or its business associates (service providers) must fulfill the regulatory requirements of HIPAA and … Continued