We are seeing more and more laws and regulations that outline the do’s and don’ts of cybersecurity. One in particular is the NIST 800-171 rule.
See how this particular new regulation can affect your cybersecurity business - big or small.

HIPAA has a long list of "requirements" for IT providers -- but did you know that some of the rules are not as concrete as they seem?
See which parts of HIPAA's security rule give you some flexibility, and see just how far you can bend the rules before the cracks start to show in your compliance and security.

Find out more about what the report calls a "compliance nightmare on the horizon" for healthcare IT security.

Pretend PCI DSS compliance is a high bar. How you handle cardholder data will determine whether you have to throw a small, light portion of your network over the bar or the whole hulking mass of it.
IT service providers can make compliance easier -- but how?

IT providers, do you have clients in healthcare? Do you handle their patient data? If yes, then you are almost certainly required to protect that data by HIPAA.
HIPAA calls this data “electronic protected health information,” or ePHI. Essentially, it is electronic information about a patient. It can be anything from a patient’s phone number to a recent diagnosis.
HIPAA requires healthcare organizations to protect this data. It also requires their “business associates” to protect it – and that includes their IT service providers.