|
Health Insurance Portability and Accountability Act (HIPAA)
What it covers: Enacted in 1996, HIPAA is intended to improve the efficiency and effectiveness of the health care system. As such, it requires the adoption of national standards for electronic health care transactions and code sets, as well as unique health identifiers for providers, health insurance plans and employers.
Recognizing that electronic technology could erode the privacy of health information, the law also incorporates provisions for guarding the security and privacy of personal health information. It does this by enforcing national standards to protect:
-
Individually identifiable health information, known as the Privacy Rule.
-
The confidentiality, integrity and availability of electronic protected health information, known as the Security Rule.
|
Sarbanes-Oxley Act (Sarbox or SOX)
What Sarbanes-Oxley covers: Enacted in 2002, the Sarbanes-Oxley Act is designed to protect investors and the public by increasing the accuracy and reliability of corporate disclosures. It was enacted after the high-profile Enron and WorldCom financial scandals of the early 2000s. It is administered by the Securities and Exchange Commission, which publishes SOX rules and requirements defining audit requirements and the records businesses should store and for how long.
Who is affected: U.S. public company boards, management and public accounting firms.
|
|
|
Payment Card Industry Data Security Standard (PCI DSS)
What it covers: The PCI DSS is a set of requirements for enhancing security of payment customer account data. It was developed by the founders of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa to help facilitate global adoption of consistent data security measures. PCI DSS includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.
Who is affected: Retailers, credit card companies, anyone handling credit card data.
|
Statement on Standards for Attestation Engagements (SSAE)
What it covers: Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization, was finalized by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) in January 2010. SSAE 16 effectively replaces SAS 70 as the authoritative guidance for reporting on service organizations. SSAE 16 was formally issued in April 2010 and became effective on June 15, 2011.
Who is affected: Payroll Processing, Loan Servicing, Data Center/Co-Location/Network Monitoring Services, Software as a Service (SaaS), Medical Claims Processors
|
|
|
|