Presentation is loading. Please wait.

Presentation is loading. Please wait.

Regulatory Compliance

Published byChristine Gilmore Modified over 6 years ago

Similar presentations

Presentation on theme: "Regulatory Compliance"— Presentation transcript:

1 Regulatory Compliance
Mary Gardner

2 Compliant vs. Secure

3 Security – CIA Triad

4 Regulations and Standards
Description Triggers Requirements HIPAA Requires that protected health Information (PHI) be maintained in a secure and confidential manner Billing Self-Insured Companies Business Associate Agreements Encryption of PHI Standards for Deidentification Breach Notification Policy and Standards for Protection of Data GLBA Requires that Customers Personally Identifiable Information be secured regardless of where it lives. Also allowed for Investment and Savings banking to be offered at one institution. Chartered as a financial institution under the guidance of the OCC, SEC Protection of PII Vendor Security Required Information Security Function SOX Sarbanes – Oxley act required controls be maintained around financial reporting data. Those controls must be certified by independent 3rd party Publically traded companies Integrity of Accounting Data Self –Assessment Program Attestation of Controls PCI Payment Card Industry Standard requires the protection of cardholder account information Companies Processing Payment card Information Requirements Based on Annual Transaction Volumes Encryption or Obfuscation of Account Numbers Annual Assessment Program FISMA Federal Information Security Management Act Requires Institutions Gathering or Processing Information on the Governments behalf Handle that data according to risk based standards Contractual Requirements Stipulation of Certain Grants or Information Sharing Agreements Encryption of Sensitive Information Risk Assessment Program Identification and Notification of Breach State Breach Laws Many States Require that Individuals be Notified in the Event of the Breach of Their Personally Identifiable Information (PII) Public or Private Sector Entities Storing or Processing PII Encryption of PII

5 HIPAA Compliance Security Rule
Oversight By the Office of Civil Rights (OCR)

6 HIPAA Compliance Privacy Rule
Generally Managed By Chief Privacy Officer index.html

7 HIPAA Compliance Consequences Notification Costs Fines
Ponemon Institute - $200.00/incident/record Fines Alaska Department of Health 1.7MM Unencrypted Laptop Stolen from Car Idaho Fined $50,000 for loss of 441 records Tennessee Blue Cross Blue Shield 1.5MM

8 Legal is Your Best Friend
Expertise to Wade through Legalese Knowledge on Navigating Partners and Vendors Can Assist with Internal an External Auditors

9 Audit Necessary Evil Prepare for the Audit
Unbiased Assessment Leverage with Senior Management Prepare for the Audit Where Possible Help set the Scope Understand your Weaknesses and Create Plans to Address them Where Possible have an Internal Audit Performed Prior to a Compliance Audit

10 Questions

Download ppt "Regulatory Compliance"

Similar presentations

Department of Information Systems Brigham and Womens Hospital Laptop Encryption Catherine McGoldrick Schroeder Corp. Mgr, BWH IS Management & Planning.

Department of Information Systems Brigham and Womens Hospital Laptop Encryption Catherine McGoldrick Schroeder Corp. Mgr, BWH IS Management & Planning.
University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.

University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.
Changes to HIPAA (as they pertain to records management) Health Information Technology for Economic Clinical Health Act (HITECH) – federal regulation included.

Changes to HIPAA (as they pertain to records management) Health Information Technology for Economic Clinical Health Act (HITECH) – federal regulation included.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
HIPAA Regulations What do you need to know?.

HIPAA Regulations What do you need to know?.
Navigating Compliance Requirements DCM 6.2 Regs and Codes linford & co llp.

Navigating Compliance Requirements DCM 6.2 Regs and Codes linford & co llp.
The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act (GLBA) UNDERSTANDING AND DEVELOPING A STRATEGIC PLAN TO BECOME COMPLIANT.

The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act (GLBA) UNDERSTANDING AND DEVELOPING A STRATEGIC PLAN TO BECOME COMPLIANT.
REGULATIONS Dr. Andy Wu BCIS 4630 Fundamentals of IT Security.

REGULATIONS Dr. Andy Wu BCIS 4630 Fundamentals of IT Security.
Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?

Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?
Recent IT Security Breaches & How Organizations Prepare Evan McGrath Spohn Consulting May 23, 2015.

Recent IT Security Breaches & How Organizations Prepare Evan McGrath Spohn Consulting May 23, 2015.
Brief Synopsis of Computer Security Standards. Tenets of Information Systems Security Confidentiality Integrity Availability Over the years, standards.

Brief Synopsis of Computer Security Standards. Tenets of Information Systems Security Confidentiality Integrity Availability Over the years, standards.
Security Controls – What Works

Security Controls – What Works
Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.

Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.
IT Legislation & Regulation CS5493. Information has become a valued asset for commerce and governments. … as a result of its value, information is a target.

IT Legislation & Regulation CS5493. Information has become a valued asset for commerce and governments. … as a result of its value, information is a target.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.

HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.
Vendor Risk: Effective Management is Essential

Vendor Risk: Effective Management is Essential
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
A Comprehensive Solution Team Mag 5 Valerie B., Derek C., Jimmy C., Julia M., Mark Z.

A Comprehensive Solution Team Mag 5 Valerie B., Derek C., Jimmy C., Julia M., Mark Z.
An Introduction to PCI Compliance. Data Breach Trends About PCI-SSC 12 Requirements of PCI-DSS Establishing Your Validation Level PCI Basics Benefits.

An Introduction to PCI Compliance. Data Breach Trends About PCI-SSC 12 Requirements of PCI-DSS Establishing Your Validation Level PCI Basics Benefits.

Similar presentations

Ads by Google