No matter what industry you’re in, compliance acronyms are abundant, filling your days with both confusion and regulation. They are required by federal law, and the rules apply to everyone.
Whether it’s HIPAA regulations or payment card data security, there are national standards put in place. We call it the compliance alphabet soup. It’s time to make a little more sense of all of those acronyms and what they likely mean for your business.
General Data Protection Regulation (GDPR)
While GDPR is an EU regulation covering personal data of people in the EU and data leaving the EU, we are seeing its effects state-side because it requires businesses that interact with EU residents to comply, regardless of where the business is located. The goal of GDPR is to create greater data privacy and protection from breaches. If you do business overseas, or if there is the slightest likelihood that someone from the EU will visit your site or interact with you online, make sure that you comply with GDPR requirements.
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA (Health Insurance Portability and Accountability Act of 1996) compliance involves patient health information. While this law has been on the books since 1996, many medical practices are still not HIPAA compliant and believe that they are too small to be touched.
Even if you aren’t directly in the medical industry or working with the Department of Health, pay attention! Beyond the practices themselves, any organization that works with a medical practice takes on HIPAA compliance responsibility through business associate agreements. These agreements particularly apply to IT companies, law practices, accounting firms, and others that might have access to patient data in any way.
Bottom line: all individually identifiable patient health information must be protected, encrypted, and kept safe. You also need a specific HIPAA compliance plan, breach response plans, and a data recovery methodology. HIPAA has gained notoriety with larger-scale medical breaches in recent years, along with larger fines levied for HIPAA violations.
The largest fine currently on record is $16 million. Small companies are also being hit with violations costing about $1.5 million apiece.
Health Information Technology and Clinical Health Act (HITECH)
HITECH entered the picture in 2009 and added teeth to HIPAA enforcement. This regulation specifically covers the electronic transmission of health information. At its best, it’s meant to improve patient care through better coordination among doctors, better sharing of information, and strong data security for electronic health records. In practice, all those privacy forms you sign whenever you go to the doctor really do serve an important purpose.
I-9 Employment and Eligibility Verification
The I-9 (Employment Eligibility Verification) is the form that new hires must fill out within three days of employment to verify that they are eligible to work in the US. While this piece of paper may get lost in the sea of new-hire paperwork, it should never be overlooked.
Even if you’ve been using the I-9 form correctly for years, you may want to go back and check for form updates. Some updates will have no impact, but to be truly in compliance you’ll sometimes need to go back and have every employee update their I-9 information and verification documents.
Payment Card Industry Data Security Standard (PCI DSS)
PCI DSS: Do you collect credit card information within your business? Any payment data you collect and store must be handled in compliance with PCI DSS. To ensure compliance:
· Encrypt all credit card information transmitted across open networks
· Maintain strong data access controls so that unauthorized people can’t gain access to your information
These are just a few of the compliance acronyms you may encounter in your daily work. Don’t get lost in the compliance alphabet soup. A quality IT firm can help you comply with the vast majority of these and will be able to put a clear plan of action in place to strengthen your cybersecurity posture.
There has been an uptick in new forms of data breaches due to COVID-19. If you have data protection concerns and want to ensure you’re compliant, contact The TNS Group today. The security of your clients and your business depends on it.