Implementing SOC 2 Requirements for Cloud Environments

SOC 2 featured

SOC 2 compliance provides a structured approach to ensuring data security, availability, and processing integrity, among other aspects. This article will dive into the specifics of SOC 2 and its impact on cloud security, shedding light on the technical controls, best practices, and the vital role of third-party attestations in bolstering trust between service providers and their clients.

 

Read More

Understanding the Difference Between HIPAA and HITRUST

HIPAA vs. HITRUST featured

Within the world of healthcare compliance and information security, there’s been increasing confusion around some terms and organizations. We’ve heard a bit about some of this confusion, specifically around HITRUST and HIPAA. 

Both are connected to the preservation of health information, yet they fulfill separate functions and are founded on differing principles. This article clarifies the differences between these two. Whether a healthcare practitioner or a business associate, this guide will describe where HITRUST fits into overall compliance (if at all). 

 

Read More

HIPAA and Internal Security Controls

HIPAA physical security featured

In June 2023, the US. The Department of Health and Human Services (HHS) reached an agreement with Yakima Valley Memorial Hospital over a significant breach of privacy and security rules. Specifically, HHS found that several security guards had inappropriately accessed the private records of up to 419 patients. 

This settlement demonstrated administrative and internal security is essential to Covered Entities and Business Associates. We will discuss these controls and what they mean for HIPAA-regulated organizations. 

 

Read More