RSI Security

Rethinking Your Cybersecurity

Category: Compliance Standards

Staying informed about all of the cyber security compliance standards is essential to keeping your company safe from hackers. Read on to learn about the various steps you can take to stay up to date with your industry’s compliance standards.

  • HITECH Enforcement & Penalties

    HITECH Enforcement & Penalties

    When you’re sick and at the doctor’s office, you have to reveal a lot of personal information for the physician to properly treat you. Within your file contains your demographic information, your personal medical history, mental health, tests and lab results, insurance information, and more. All of this falls under a specific category called protected health information (PHI).

    In 1996, Congress passed the Health Insurance Portability and Accountability Act (HIPAA) in order to protect patients’ PHI. Privacy and security weren’t the only topics covered in HIPAA. It also addressed health insurance prices and changes, encouraged the use of electronic health records (EHRs), and developed the groundwork for a national healthcare standard.

    HIPAA was amended — rather, bolstered — in 2009, when Congress passed the HITECH Act. It addressed many of the problems arising from HIPAA and helped bring the framework into the 21st century. It also brought with it harsher penalties for HIPAA noncompliance. To avoid these fees, healthcare providers and their business associates must understand the HITECH Act penalties and enforcement.

    (more…)

  • What Is HITECH?

    What Is HITECH?

    When asked about the Obama administration’s efforts to reform the American healthcare system, most people will think of the Patient Protection and Affordable Care Act, also known as “Obamacare.” Many forget or fail to realize that a year prior to the ACA’s creation, Congress had already passed the largest healthcare reform measure in decades in the form of the Health Information Technology for Economic and Clinical Health Act (HITECH). 

    One of the reasons why HITECH’s addition went mostly unnoticed and unremarked is that it was a subsection of President Obama’s American Recovery and Reinvestment Act of 2009. Few realized that this stimulus package introduced sweeping changes to the healthcare industry that had far-ranging impacts on the relationship between patients and providers, especially pertaining to healthcare provider treatment of private health information. 

    Do you want to know what is HITECH in healthcare and how it protects your private information? Read on to find out. 

    (more…)

  • How to Make Your Website GDPR Compliant: A Step By Step Guide

    How to Make Your Website GDPR Compliant: A Step By Step Guide

    A website is like the cover of a book. The first thing a customer searches for is a company homepage and, like a book, if it is eye-catching, it warrants further investigation. For this reason, many companies invest heavily in website development, seeking to make their site clean, easily navigable, and, above all, able to capture and retain the attention of potential customers.

     However, in the process of developing a stellar website, security can sometimes be overlooked, particularly when it comes to complying with new privacy, consent, and transparency standards. 

    Is your website compliant with General Data Protection Regulation Standards? Find out now with our GDPR website checklist.

    (more…)

  • The Many Cyber Security Threats To The Financial Sector

    The Many Cyber Security Threats To The Financial Sector

    In today’s society, there are new cybersecurity threats to the financial sector every day. Find out the most common risks for financial institutions here.

    Cybersecurity threats pose a substantial risk to just about every company and individual all over the world. That may sound like hyperbole but according to USA Today, billions of people have been affected by cybersecurity attacks. Financial institutions are particularly at risk due to the massive amount of capital they oversee. Understanding the risks and how to protect yourself are vital in succeeding in the financial world.

    (more…)

  • What Are the 3 HITRUST Implementation Levels?

    What Are the 3 HITRUST Implementation Levels?

    Healthcare is an industry intertwined with our everyday lives. The young and the old alike rely on doctors to keep them healthy and usually, in that pursuit, reveal personal details to their health practitioners. This means consumers put a lot of trust in healthcare companies. 

    But with technology taking over the mundane tasks of healthcare, threat actors target health institutions for that personal information. The Health Information Trust Alliance (HITRUST) is designed to verify privacy and security compliance combat healthcare fraud. In particular, there are three different levels associated with HITRUST controls. 

    Learn about each HITRUST level and why it’s important with our comprehensive guide. 

    (more…)

  • What Are The PCI DSS Compliance Regulations for the Cannabis Industry?

    What Are The PCI DSS Compliance Regulations for the Cannabis Industry?

    The legalization of recreational and medical marijuana in many states and countries around the world has made the global marijuana market one of the fastest-growing industries. According to a recent report by the Grand View Research, Inc., the global legal marijuana market will grow to $66.3 billion by 2025.

    Cannabis is being widely used as a pharmaceutical product. It is said to be effective in treating severe medical conditions like arthritis, cancer, and Parkinson’s disease. This has contributed to the increased demand for medicinal marijuana.

    Moreover, recreational marijuana or the use of cannabis without medical justification is being legalized in many states and countries. In the United States, 11 states and the District of Columbia have legalized the recreational use of cannabis among adults. Countries like Canada, Belize, Jamaica, Argentina, and the Netherlands have also decriminalized the use of marijuana.

    All these developments point to the expansion of the cannabis industry in the years to come. Marijuana dispensaries can maximize their growth potential by complying with the Payment Card Industry Data Security Standard (PCI DSS), an information security standard for payment processing. Cashless ATM or point of sale (POS) banking is considered a viable and important platform for marijuana dispensaries to grow their sales. With POS banking, online cannabis dispensaries can accept purchases from customers who use their credit and debit cards.

    (more…)

  • Cyber Security Data Protection Plan For The Cannabis Industry

    Cyber Security Data Protection Plan For The Cannabis Industry

    The cannabis industry has been booming recently due in part to legalization legislation that has helped to alleviate barriers to market entry. Recent trends tell us that the cannabis marketplace is projected to grow at a staggering rate from $10.3 billion in 2018 to $39.4 billion by 2023. With more and more states opening up their borders for marijuana, many businesses are looking to technology to manage this increase in customers.

    As of November 2018, 10 states have legalized recreational cannabis while 33 have approved it for medical uses. As more states are opening their borders to legal cannabis, business owners are beginning to become more digital in their endeavors thanks to this newfound legalization. But digitization isn’t all good if you don’t have a cybersecurity plan to protect your data.

    Brands that are able to infuse innovative technology into their network infrastructure can use it to analyze and predict valuable consumer trends that will enable them to make critical decisions in the future. Having a cybersecurity plan in place to supplement this type of innovative undertaking is what will help your cannabis business thrive. Let’s look into the specific areas of interest that you should be focusing on when cultivating your cybersecurity plan and which proactive measures you need to take to avoid being a victim of a cyber-attack.

    (more…)

  • What is Service Organization Control (SOC)?

    What is Service Organization Control (SOC)?

    Service Organization Control reports (SOC), in a nutshell, help companies with various aspects of their business. Essentially, these reports outsource different responsibilities within a business, like payroll, medical claims processing, document management and much, much more. Typically, they are aspects of a business that a company or “user entity” is not capable of doing as well as the service organization. It also allows the company or “user entity” to concentrate on other facets of their business. These reports come in various types based on the type of work the user entity does.

    In this article, we’ll discuss the different types of reports in detail, as well as why you might choose one Service Organization Control report over another. To best understand how it works, it’s important to make sense of the system that came before SOC. Prior to the implementation of Service Organization Control, CPAs used a system called SAS 70. 

    (more…)

  • What Are SOC 2 Trust Service Principles?

    What Are SOC 2 Trust Service Principles?

    As a business owner, you are always looking for ways to set yourself apart from the competition. It may be that your exceptional service, incredible products, or perhaps low prices that give you that competitive edge. Just as important as all these things are to the success of your business, so is establishing a deep level of trust with your customers. One good way to establish this trust is to become SOC 2 Compliant.

    There are five trust service principles which include:

    • Security
    • Availability
    • Processing integrity
    • Confidentiality
    • Privacy

    (more…)

  • What Is The HITRUST Certification Process?

    What Is The HITRUST Certification Process?

    The Health Information Trust Alliance (HITRUST) is an organization that creates and maintains a common security framework (CSF) for businesses and organizations in the healthcare sector. Founded in 2007, the Texas-based entity has a prescriptive set of controls that organizations can use in creating, accessing, storing, or exchanging sensitive or regulated data. 

    HITRUST certification is commonly required by organizations handling protected health information (PHI).  It provides a holistic approach to managing information security risks. Considered as the gold standard for compliance in the healthcare industry, it combines commonly accepted standards such as:

    (more…)