No matter what industry you’re in, compliance acronyms are abundant, filling your days with both confusion and regulation. From data protection to employment eligibility, compliance with relevant laws, policies, and regulations is critical to any business.
The first steps in conquering the confusion are to identify and understand the terms that might regularly impact your company. Let’s take some time to make sense of some common compliance acronyms and what they likely mean for your business.
GDPR (General Data Protection Regulation): While this regulation only applies to the European Union and information leaving the EU, we are seeing its effects state-side because it requires businesses that interact with EU citizens to comply, regardless of location. The goal of GDPR is to create greater data privacy and protect users and companies from breaches. If there is even the slightest likelihood that someone from the EU will be visiting your site or interacting with you online, make sure that you comply with GDPR regulations. We’ll cover GDPR in greater detail in our next blog.
HIPAA (Health Insurance Portability and Accountability Act of 1996): While this law has been on the books since 1996, many medical practices are still not HIPAA compliant and believe that they are too small to be touched. Even if you aren’t directly in the medical industry, pay attention! Beyond the practices themselves, any organization that works with a medical practice has responsibility in HIPAA compliance through associate agreements. These agreements particularly apply to IT companies, law practices, accounting firms, and others that might have access to patient data in any way. Bottom line, all patient data must be protected, encrypted, and safe.
You also need to have a specific HIPAA-compliance plan, breach response plans, and data recovery methodology. HIPAA has gained notoriety with larger scale medical breaches in recent years, in addition to larger fines levied for HIPAA breaches. The largest fine currently on record is $16 million. Small companies are also being hit with violations costing about $1.5 million apiece.
HITECH (Health Information Technology and Clinical Health Act): HITECH entered the picture in 2009 and brought teeth to HIPAA violations. This regulation specifically covers the electronic transmission of health information. In its best form, it’s meant to improve patient care through better doctor coordination, better sharing of information, and strong data security of electronic health records. In practice, all those privacy forms that you sign whenever you go to the doctor really do have an important purpose.
I-9 (Employment Eligibility Verification): This is the form that new hires must fill out within three days of employment to verify that they are eligible to work within the US. While this piece of paper may get lost among the sea of new hire paperwork, it should never be overlooked. Even if you’ve been correctly employing the I-9 form for years, you may want to go back and check for form updates. Some updates will have no impact; but to be truly in compliance, you’ll sometimes need to go back and have every employee update their I-9 information and verification documents.
PCI DSS (Payment Card Industry Data Security Standard): Do you collect credit card information within your business? Any payment data collected and stored must be PCI compliant. To ensure compliance:
These are just some of the common compliance acronyms you may encounter in your daily work. The technology experts at AJTC can help you comply with the vast majority of these and will be able to put a clear plan of action in place to strengthen your cybersecurity posture. Contact AJTC today to learn more about IT security and other services. You may also visit AJTC here or call 708.942.8200.