Category:

Compliance Standards

Staying informed about all of the cyber security compliance standards is essential to keeping your company safe from hackers. Read on to learn about the various steps you can take to stay up to date with your industry’s compliance standards.

PCI DSS

Does PCI Compliance Apply to Payment Facilitators?

by RSI Security December 13, 2019January 14, 2020

written by RSI Security

The last thing anyone wants is to become a victim of fraud. Losing hard-earned money to a nefarious or ill-equipped website is still a fear for many Americans. In fact, in a survey on fraud in online shopping conducted by Paysafe, a leading global payments provider, researchers found that 59 percent of Americans believe fraud to be an inevitable part of online shopping.

Certainly then, ensuring customers feel secure when making any payments using credit cards is crucial to company success. Another survey on security measures conducted by Lost in Translation indicated that 71 percent of consumers are “open to the introduction of more secure payment processes such as two-factor authentication.”

December 13, 2019January 14, 2020 2 comments

HIPAA / Healthcare Industry IT Security & Cybersecurity Awareness Training

What Your HR Team Needs to Know About HIPAA?

by RSI Security December 9, 2019September 4, 2020

written by RSI Security

When it was first created, the Health Insurance Portability and Accountability [HIPAA] Act was enacted in order to safeguard a patient’s protected health information [PHI]. Over the years, the policy has evolved so that both covered entities and business associates are beholden to the rules and regulations mandated via HIPAA. However, even the businesses outside of that specific purview should be aware of HIPAA’s rules and act in accordance, particularly since all employers will possess at least some employee PHI.

Violations of HIPAA can result in serious legal ramifications to both your business and any employees who are found guilty of such breaches. Therefore, it’s essential that your HR team is trained in HIPAA compliance procedures and protocols, especially if you’re a covered entity or business associate. Below, we’ll discuss everything you need to know about HIPAA and HIPAA training for HR professionals.

December 9, 2019September 4, 2020 0 comment

HIPAA / Healthcare Industry HITECH

Main Goals of HITECH: Everything You Need to Know

by RSI Security December 6, 2019September 2, 2020

written by RSI Security

In 2009, the Obama administration announced the release of the American Recovery and Reinvestment Act. The stimulus bill covered a broad swath of policy meant to jumpstart American industry in the wake of the Great Recession. In addition, President Obama saw this as a mechanism for revising Clinton’s Health Insurance Portability and Accountability (HIPAA) Act of 1996. To that end, he introduced the Health Information Technology for Economic and Clinical Health (HITECH) Act.

The fundamental purpose of HITECH was to push the American healthcare industry into the digital age and to better protect patient’s privacy and security with regards to their confidential patient information. But that’s not all this bill sought to bring to pass. Below, discover the main objectives and goals of HITECH.

Read on to find out.

December 6, 2019September 2, 2020 0 comment

HITRUST

How Much Does HITRUST Certification Cost In 2020?

by RSI Security December 5, 2019April 10, 2020

written by RSI Security

Good results don’t necessarily come cheap.

When it comes to the technical infrastructure that manages data within the healthcare industry, it not only needs to be highly useful for approved personnel like doctors and pharmacists, but it also needs to be kept very safe at the same time. In other words, data on these systems need to be both highly secure and highly accessible. It’s a little easier said than done.

The ten biggest healthcare data breaches in 2018 ended up costing major sums of money and compromising millions of patient data records. Breaches in the healthcare space are rising because cybercriminals are gluttons for other people’s data, and hospitals retain loads of it.

December 5, 2019April 10, 2020 0 comment

HIPAA / Healthcare Industry

What Is PHI (Protected Health Information)?

by RSI Security December 4, 2019September 4, 2020

written by RSI Security

What Is Considered PHI (Protected Health Information)?

When you walk into any hospital or private doctor’s office, you’re immediately bombarded by a list of questions. These range from personal questions about your lifestyle and medical history to private questions about your address, insurance, and other information you don’t want to be disclosed. You’d hope, being that there’s a notion of doctor-patient confidentiality, that all this information is handed over in confidence.

And it is. According to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), all this information constitutes protected health information (PHI). The release of vital patient details breaks HIPAA’s Privacy and Security Rules — thus inciting fees and penalties for the healthcare entity.

Some questions to consider when reading ahead: How was this system set up? What is protected health information? And how can healthcare organizations and their business associates offer their patients security and avoid penalties under HIPAA?

December 4, 2019September 4, 2020 0 comment

Compliance Standards

How to Use Security Certification to Grow Your Brand

by RSI Security December 2, 2019December 19, 2019

written by RSI Security

In today’s competitive business environment where small and large businesses alike must compete with megaliths like Walmart and Amazon, creating a strong brand is key to maintaining a strong customer base. Of course, there are many aspects that you could implement to build a positive brand, but security for any company that handles or stores customer data or transactions is a key element of a positive brand.

If you want to be taken seriously as a business owner, you must ensure that security is a top priority as one customer data security study conducted by digital security expert Gemalto found. Out of the 10,000 customers they surveyed, only 27 percent of consumers felt that businesses take customer data security very seriously. Additionally, 70 percent of consumers said that they would altogether stop doing business with a company if it experienced a data breach.

December 2, 2019December 19, 2019 0 comment

NIST 800-171 / DFARS

NIST Guidance on Mobile Security

by RSI Security November 29, 2019December 6, 2019

written by RSI Security

Over the last two decades, the role of IT departments has undergone dramatic change due to the growing percentage of Americans who rely upon their tablets, smartphones, or similar mobile devices to accomplish their daily work activities. As is so often the case, this progress has been a boon in some ways and a mounting problem in others, especially for IT; on one hand, the Internet of Things [IoT] has made it so employees are more efficient, on the other, it has opened up a new Pandora’s box of potential cybersecurity threats.

Security controls rarely keep pace with the security risks posed by new tech. And in the case of mobile, security threats arise from both bring your own device [BYOD] policies as well as corporately owned and personally enabled [COPE] mobile policies. In response to this looming threat, the National Institute of Security Technology [NIST] released its “Guidance on Mobile Security Report,” which we’ll outline below. Armed with these security recommendations, your business can ensure that your mobile security practices are up to date and robust.

November 29, 2019December 6, 2019 0 comment

HIPAA / Healthcare Industry

What Is the Difference Between HIPAA vs. FERPA?

by RSI Security November 27, 2019September 4, 2020

written by RSI Security

In recent decades, public health agencies and public schools have worked hand in glove, sharing health information about students in order to better understand the broader picture of teens’ overall health. In addition, schools have increasingly sought to give their students more and better health services. Seeing as schools may keep or request sensitive health information from the students or parents, it’s natural to wonder what laws cover the security and privacy of these documents.

These days, there are two major privacy laws – HIPAA and FERPA – that may or may not cover a student’s health records. Naturally, whether they do or don’t depends on your particular situation. That said, this article will attempt to wade the convoluted mire, illuminating you as to the differences between FERPA vs. HIPAA. Keep reading to discover more!

November 27, 2019September 4, 2020 0 comment

HIPAA / Healthcare Industry

HIPAA Guidelines For Employees

by RSI Security November 26, 2019September 4, 2020

written by RSI Security

Although HIPAA has been impacting the healthcare industry since the late ’90s, far too many businesses still struggle to comply with the various facets of the law. One particular area of weakness for covered entities involves the protection of their patients’ protected health information [PHI]. Time and again, they fail to adequately safeguard the personally identifiable information that has been entrusted to their keeping. Naturally, such lax defenses can result in a host of issues such as data theft, fraud, loss of client trust, fines, and even jail time.

Over the years, one of the main causes of noncompliance with HIPAA is the result of human error. In most cases, employees unknowingly open up the floodgates to prying eyes or cybercriminals due to a simple lack of understanding, education, or forethought. Although such actions are rarely malicious, ignorance is not an excuse readily accepted by Health and Human Services [HHS]. Therefore, it’s crucial that you ensure that your team members are complying with the rules and regulations of HIPAA.

Check out our HIPAA guidelines for employees here!

November 26, 2019September 4, 2020 0 comment

HITRUST

How To Get A HITRUST Certification Assessment

by RSI Security November 22, 2019April 10, 2020

written by RSI Security

Like going to the doctor for an updated checkup, healthcare companies need to know where they stand concerning cybersecurity on the regular. A HITRUST certification is like getting a booster shot that’s valid for two years and will protect you from a wide variety of cybersecurity concerns.

Healthcare organizations are some of the juiciest targets out there for malicious cybercriminals in search of someone to compromise. These entities hoard data that is both highly sensitive and highly identifiable, so breaches here can have serious repercussions on people’s privacy and general security alike. These breaches are not only expensive to fix but leave people feeling especially vulnerable.

November 22, 2019April 10, 2020 0 comment

Load More Posts