HIPAA Security Rule for dummies

HIPAA (Health Insurance Portability and Accountability Act) is a 1996 federal law that seeks to protect the medical information of patients. To achieve this, it lays down certain compliance requirements for covered entities. In the context of HIPAA, covered entities are the organizations to which HIPAA applies. Under Title II of this act, the US … Continued

HITRUST Compliance for Dummies

HITRUST stands for the Health Information Trust Alliance. This alliance has defined and established the CSF (Common Security Framework). This framework can be used by organizations that access, store, create, or exchange either regulated or sensitive data. The framework has a set of prescriptive controls that harmonize the requirements of many standards and regulations in one place. Background Story … Continued

Difference between SOC 1 and SOC 2

We often see that our clients are confused between SOC 1 and SOC 2 audits. Though both of these frameworks deal with the controls implemented within your organization, their focus areas are different. SOC 1 primarily focuses on how an organization handles financial data. On the other hand, SOC 2 checks how an … Continued

HIPAA and Penetration Testing – Part II

In the first part of this article, we discussed the basics of HIPAA along with the Privacy Rule and the Security Rule in brief. It must be noted that the Security Rule only applies to ePHI, and it prescribes three types of safeguards – administrative, technical, and physical. Each of these safeguards is discussed in … Continued

HIPAA and Penetration Testing – Part I

HIPAA stands for the Health Information Portability and Accountability Act of 1996, and it was enacted by the US Congress and signed by the then President Bill Clinton in the same year. The primary motives of this legislation include: regulating and modernizing the flow of healthcare information of individuals; stipulating how PII (personally identifiable information) maintained … Continued

HIPAA Compliance on AWS – Cheatsheet

The Health Insurance Portability and Accountability Act of 1996, commonly called HIPAA, deals with the privacy and security of medical data in the United States. In order to deal with the protected health information (PHI) of an individual, a covered entity or its business associate service providers must fulfill the regulatory requirements of HIPAA and … Continued