Infradapt can perform a risk mitigation and regulatory assessment for organizations that are required to meet stringent standards for security, operational risk management, and compliance. Infradapt has the knowledge and expertise to handle the following Regulatory Compliance Standards.
Legislative Regulatory Compliance
- HIPAA – Health Insurance Portability and Accountability Act of 1996
Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. Prior to HIPAA, the DHHS estimated that 400 different formats were being used to process health care claims via EDI. The AS provisions also address the security and privacy of health data. The standards are meant to improve the efficiency and effectiveness of the nation’s health care system by encouraging the widespread use of electronic data interchange in the United States. Privacy is addressed by enforcing standards for only the minimum necessary access, uses and disclosures of private information. Security standards include data integrity, physical office security, and contingency planning.
- SOX – Sarbanes-Oxley Act of 2002
Sarbanes-Oxley is a US law passed in 2002 to strengthen corporate governance and restore investor confidence. Sarbanes-Oxley legislation is wide-ranging and establishes new or enhanced standards for all US public company boards, management, and public accounting firms.
- GLBA – Gramm-Leach-Bliley Act — Privacy of Consumer Financial Information
The Gramm-Leach-Bliley Act has privacy provisions relating to consumers’ financial information. Under these provisions, financial institutions have restrictions on when they may disclose a consumer’s personal financial information to nonaffiliated third parties. Financial institutions are required to provide notices to their customers about their information-collection and information-sharing practices. The GLB Act provides specific exceptions under which a financial institution may share customer information with a third party.
- FERPA – Family Educational Rights and Privacy Act
The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records.
Industry Regulatory Compliance
- PCI – CISP — Cardholder Information Security Program
CISP is intended to protect Visa cardholder data “wherever it resides”, ensuring that members, merchants, and service providers maintain the highest information security standard.
- SAS70 – Statement on Auditing Standards No. 70
SAS70 is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). SAS70 is the authoritative guidance that allows service organizations to disclose their control activities and processes to their customers and their customers’ auditors in a uniform reporting format.
- ISO 17799 / BS 7799-2
A comprehensive set of controls comprising best practices in information security. It comprises two parts — a code of practice (ISO 17799) and a specification for an information security management system (BS 7799-2). This is an internationally recognized generic information security standard.
Contact an Infradapt Solutions Specialist online or call 1-800-394-2301 to explore how Infradapt’s regulatory expertise can help your organization become compliant.