Category:

Compliance Standards

Staying informed about all of the cyber security compliance standards is essential to keeping your company safe from hackers. Read on to learn about the various steps you can take to stay up to date with your industry’s compliance standards.

How to Use Security Certification to Grow Your Brand

by RSI Security December 2, 2019December 19, 2019

written by RSI Security

In today’s competitive business environment where small and large businesses alike must compete with megaliths like Walmart and Amazon, creating a strong brand is key to maintaining a strong customer base. Of course, there are many aspects that you could implement to build a positive brand, but security for any company that handles or stores customer data or transactions is a key element of a positive brand.

If you want to be taken seriously as a business owner, you must ensure that security is a top priority as one customer data security study conducted by digital security expert Gemalto found. Out of the 10,000 customers they surveyed, only 27 percent of consumers felt that businesses take customer data security very seriously. Additionally, 70 percent of consumers said that they would altogether stop doing business with a company if it experienced a data breach.

December 2, 2019December 19, 2019 0 comment

NIST 800-171 / DFARS

NIST Guidance on Mobile Security

by RSI Security November 29, 2019December 6, 2019

written by RSI Security

Over the last two decades, the role of IT departments has undergone dramatic change due to the growing percentage of Americans who rely upon their tablets, smartphones, or similar mobile devices to accomplish their daily work activities. As is so often the case, this progress has been a boon in some ways and a mounting problem in others, especially for IT; on one hand, the Internet of Things [IoT] has made it so employees are more efficient, on the other, it has opened up a new Pandora’s box of potential cybersecurity threats.

Security controls rarely keep pace with the security risks posed by new tech. And in the case of mobile, security threats arise from both bring your own device [BYOD] policies as well as corporately owned and personally enabled [COPE] mobile policies. In response to this looming threat, the National Institute of Security Technology [NIST] released its “Guidance on Mobile Security Report,” which we’ll outline below. Armed with these security recommendations, your business can ensure that your mobile security practices are up to date and robust.

November 29, 2019December 6, 2019 0 comment

HIPAA / Healthcare Industry

What Is the Difference Between HIPAA vs. FERPA?

by RSI Security November 27, 2019September 4, 2020

written by RSI Security

In recent decades, public health agencies and public schools have worked hand in glove, sharing health information about students in order to better understand the broader picture of teens’ overall health. In addition, schools have increasingly sought to give their students more and better health services. Seeing as schools may keep or request sensitive health information from the students or parents, it’s natural to wonder what laws cover the security and privacy of these documents.

These days, there are two major privacy laws – HIPAA and FERPA – that may or may not cover a student’s health records. Naturally, whether they do or don’t depends on your particular situation. That said, this article will attempt to wade the convoluted mire, illuminating you as to the differences between FERPA vs. HIPAA. Keep reading to discover more!

November 27, 2019September 4, 2020 0 comment

HIPAA / Healthcare Industry

HIPAA Guidelines For Employees

by RSI Security November 26, 2019December 22, 2025

written by RSI Security

HIPAA guidelines have been shaping the healthcare industry since the late 1990s, yet many organizations still struggle to comply with their requirements. A common area of concern for covered entities is the protection of patients’ protected health information (PHI). Failing to safeguard this sensitive data can lead to serious consequences, including data breaches, identity theft, fraud, loss of patient trust, fines, and even legal action.

One of the main reasons for HIPAA non-compliance is human error. Employees may unintentionally expose PHI due to a lack of understanding, training, or awareness. While these mistakes are rarely malicious, the U.S. Department of Health and Human Services (HHS) does not accept ignorance as an excuse. That’s why it’s essential to ensure that all team members follow proper HIPAA guidelines for employees and understand their responsibilities in protecting patient information.

Learn more about our HIPAA guidelines for employees to strengthen compliance and protect your organization.

November 26, 2019December 22, 2025 0 comment

HITRUST

How To Get A HITRUST Certification Assessment

by RSI Security November 22, 2019April 10, 2020

written by RSI Security

Like going to the doctor for an updated checkup, healthcare companies need to know where they stand concerning cybersecurity on the regular. A HITRUST certification is like getting a booster shot that’s valid for two years and will protect you from a wide variety of cybersecurity concerns.

Healthcare organizations are some of the juiciest targets out there for malicious cybercriminals in search of someone to compromise. These entities hoard data that is both highly sensitive and highly identifiable, so breaches here can have serious repercussions on people’s privacy and general security alike. These breaches are not only expensive to fix but leave people feeling especially vulnerable.

November 22, 2019April 10, 2020 0 comment

HITRUST

A Step-By-Step Guide To HITRUST Certification

by RSI Security November 21, 2019January 6, 2025

written by RSI Security

The healthcare industry is understandably concerned with compliance and certification — there are lives on the line! The people operating various medical machinery should be fully certified to do so, and patients should see fully qualified doctors for the best outcomes. It’s just how they get the care they need.

But beyond ensuring these requirements are met (and that everyone’s hands are clean in the process), robust healthcare organizations need to be considering their approach to cybersecurity and data protection as well. Data stored by businesses in this category is especially appealing to cybercriminals for its dual nature — not only is it highly sensitive, but it’s highly identifiable as well.

November 21, 2019January 6, 2025 0 comment

HITRUST

Everything You Need to Know About HITRUST Compliance

by RSI Security November 20, 2019April 10, 2020

written by RSI Security

When we see other drivers on the road, we tend to assume they’re all licensed, insured, and level-headed. Until they prove otherwise in front of us, we take it for granted that everyone’s an excellent driver — you know, like us.

But when we show up at a doctor’s office or share payment details for a recent medical procedure, we assume healthcare professionals are following all the best practices concerning the security of that data. But we go to the pharmacy because we need to fill a prescription, not because they’re reputed for their cybersecurity. How do businesses call attention to their cybersecurity mindfulness, and how do consumers make the best choice when it comes to matters of handling their personal data?

There’s a simple answer already out there: they look for HITRUST compliance.

November 20, 2019April 10, 2020 0 comment

HITRUST

Who is the HITRUST Alliance?

by RSI Security November 19, 2019November 19, 2024

written by RSI Security

Cybercriminals are already clearly established bad guys online, and it’s up to your cybersecurity tools and standards to keep you safe.

Top-of-the-line firewall and antivirus software might go a long way toward protecting the data on your own network, but how do you protect the most sensitive data when it lives somewhere else entirely? You surely need someone else’s help to protect your data when it lives in places you might not even be aware of. The healthcare industry stashes patient data all over the place, for example.

November 19, 2019November 19, 2024 0 comment

PCI DSS

How To Prepare For A PCI Audit

by RSI Security November 18, 2019January 14, 2020

written by RSI Security

It’s all about the plastic.

Even though we have more alternative electronic payment options than ever before, Americans prefer the credit card over any other payment mechanism. This means it’s relatively simple for businesses to charge their customers online and get paid using one of a variety of payment gateways — all they have to do is move information from one place to another to collect their revenue, and the internet makes this a simple task.

But this convenience simultaneously presents an obstacle: that data needs to be moved and stored safely. It should only be accessible by authorized entities, and should be kept far out of reach from malicious third parties. For enabling an entirely new era of transacting, online card payments also come with their own set of liabilities that can leave customer financial data vulnerable and a business’s reputation on the line.

This means your company, whether large or small, needs to be on the forefront of PCI compliance. A PCI compliance audit is an essential tool for helping you get there.

November 18, 2019January 14, 2020 2 comments

HIPAA / Healthcare Industry

What Is the Difference Between Protected Health Information and Consumer Health Information?

by RSI Security November 15, 2019September 4, 2020

written by RSI Security

A new technological era is upon us. Over the last 25 years, the meteoric rise of computers, smartphones, and other electronic devices have infused our world with a new sense of possibility. With it comes the need for higher security measures and data protection. That holds double for the healthcare industry.

With the type of information stored away in electronic health records (EHRs), healthcare organizations have a responsibility to secure the sensitive information provided by their patients. And according to the Health Insurance Portability and Accountability Act (HIPAA), signed into law in 1996, they do. It’s called protected health information (PHI).

But what is protected health information? And how does it differ from consumer health information (CHI), another term thrown around the health-tech sector? For everything you need to know, read ahead.

November 15, 2019September 4, 2020 0 comment

Load More Posts