States Step Up, Above and Beyond, Compliance

Earlier this month, a blog post from our very own Garry McCracken discussed how meeting industry-specific compliance regulations can interrupt a company’s security strategy.

“Compliance does not necessarily mean data security, but a focus on security in terms of risk, confidentiality, integrity and availability is likely to cover a lot of compliance. A security-led approach is better than a ‘check list’ compliance approach. This applies not only to the payment card industry but to all sectors including government, health, education, etc.” –Garry McCracken, CISSP, Vice President, Technology.

An interesting ongoing trend in the healthcare sector is state legislatures taking security standards into their own hands following devastating breaches. Earlier this year, New Jersey passed a bill requiring health insurance companies in the state to use data encryption, following the theft of two unencrypted laptops that caused the Blue Horizon, Blue Cross, Blue Shield breach in 2014. After the recent attack on the locally-based Anthem, Connecticut aims to follow suit.

While we hope that it won’t take a major breach in every state to push this initiative nationwide, it is certainly reassuring to see state governments recognize that compliance standards like HIPAA are outdated. Earlier this week, the U.S. Office for Civil Rights announced that healthcare providers must undergo an in-depth HIPAA compliance standards audit; unfortunately, any approvals for the proposed changes will take even longer than it does to pass a bill through a state government!

If your state hasn’t hopped on board yet, it is worth looking into the laws that exist in Nevada, Massachusetts and New Jersey that exceed compliance with specific attention to encryption. For more information on security best practices for healthcare companies, check out the WinMagic eBook, “Healthcare Providers and Patient Data Security.”

 
