Keeping Your Business HIPAA and PCI Compliant
Regulatory compliance of one sort or another is something nearly all companies face these days. Two of the more common and challenging regimes are HIPAA and PCI. Flux Labs can help your company work through the requirements of each and implement the changes necessary to bring your company into compliance.
Following the passage of the Health Insurance Portability and Accountability Act (HIPAA) in 1996, the US Department of Health and Human Services issued two rules, the Privacy Rule and the Security Rule, which strive to protect the health information of individuals while still permitting the flow of health information needed to deliver care in today’s technology-driven world. The Privacy Rule governs the use and disclosure of protected health information (PHI); the Security Rule sets the administrative, physical and technical safeguards required for PHI held or transmitted electronically (ePHI). Both apply to covered entities (health plans, health care clearinghouses and most health care providers) and to the business associates that handle PHI on their behalf. These Privacy and Security Rules spell out the measures companies must take to protect health information, and they are what most of us mean when we talk about HIPAA.
Because the organizations subject to HIPAA differ widely in size and in the resources available to them, the Security Rule is deliberately flexible and scalable: it specifies the safeguards that must be in place, but leaves the choice of particular security measures to each organization based on its own risk analysis. And this is where Flux Labs can help.
If your company falls under HIPAA, we’ll work with you to review your existing environment and make the technical changes necessary to reach the level of security and protection required by HIPAA and appropriate for your company.
PCI (Payment Card Industry) compliance is a requirement imposed by the payment card industry and enforced by the card brands and acquiring banks rather than by a government agency. The requirements, which apply to every organization that stores, processes or transmits cardholder data, are set by the PCI Security Standards Council and come in three flavors:
PCI Data Security Standard (DSS) – the DSS applies to all entities that accept, store, process or transmit payment card data, which in practice means most merchants and service providers in the US. It contains twelve requirements, ranging from installing and maintaining a firewall configuration that protects cardholder data to tracking and monitoring all access to network resources and cardholder data. To learn how Flux Labs can help ensure your company is in PCI DSS compliance, click here.
PIN Transaction Security (PTS) – the PTS requirements apply to manufacturers of the devices used to capture and process personal identification numbers (PINs) in PIN-based transactions. Even if you do not manufacture such devices, as a merchant you should make sure the PIN entry devices you deploy are PTS-approved. Approvals are specific to the listed hardware and firmware versions and carry an expiry date, so check that the exact model and firmware you run is on the list. You can find the list of approved PTS devices here.
Payment Application Data Security Standard (PA-DSS) – the 14 requirements of PA-DSS apply to the developers of payment applications. As with PTS, merchants should confirm that the payment application they use is listed by the PCI Council as a validated application, for the specific version they are running. (PA-DSS has since been retired in favor of the PCI Software Security Framework, so check which program a listing falls under.) You can find more information about PA-DSS and the list of council-approved payment applications here.
While PCI compliance is not a government mandate, it is a contractual obligation to the card brands, and failure to comply may result in significant fines passed on through your acquiring bank, higher transaction fees, or loss of the ability to accept card payments altogether. If you would like assistance in becoming PCI compliant today.