The Massachusetts law 201 CMR 17.00 that forces US organizations to protect the PII of Massachusetts residents went into its final enforcement phase on March 1, 2012. By that date, no exceptions, businesses that send Massachusetts-based PII to vendors (service providers) needed to require in providers’ contracts that they will also abide by the law.
Let’s talk about HIPAA Gap Assessments. First of all, what is it? HIPAA stands for Health Insurance Portability and Accountability Act. HIPAA (not HIPPA) requires organizations that handle electronic protected health information (another abbreviation for you: ePHI) to ensure that this information remains secure.
An interesting benchmark study was done recently (published Jan., 2011) by Ponemon Institute, commissioned by Tripwire, Inc., entitled “The True Cost of Compliance”, examines 46 companies, and involved interviews of 160 functional leaders.
Information Security Management System. You can undergo a point in time audit or assessment and be compliant, but what happens a week later when patches have gone un-applied? Out of compliance again.