
 

Compliance Center

 

Welcome to the IPkey Compliance Center

Our goal is to help you prepare your Information Security systems for the new federal and state regulations. We will be adding new information as the year progresses. Many of these laws are complex and require skilled advice from your legal and audit personnel.

Managed Security Services

We can help you right now! Both HIPAA and SB 1386 emphasize network security and make particular mention of Firewalls and Intrusion Detection & Prevention Systems. At IPkey.com, we have extensive experience in both these technologies and can assist you in becoming compliant.

 

Much of the new legislation is designed to protect consumer and patient privacy, including notification of any security breaches. There is far more material on these regulations than we can include here, but there are links to the best sources of information we can find. Our focus is on our Small and Medium Business (SMB) clients, so we are more concerned with HIPAA and particularly SB 1386. The Gramm-Leach-Bliley and Sarbanes-Oxley bills affect larger businesses, such as banks and public corporations, who are well aware of them and have compliance programs underway. We include them here for completeness.

Information Security Compliance Requirements

HIPAA Final Security Rule

Organizations Affected: Healthcare, Insurance or anyone handling patient medical information.
Deadline: April 2, 2005
Public Awareness: High
Summary: The Health Insurance Portability and Accountability Act (HIPAA) mandates improved efficiency in healthcare delivery by standardizing electronic transactions and establishing uniform security protections for patient data. The security regulations of HIPAA mandate safeguards for the storage, maintenance, transmission and access of patient data. HIPAA gives organizations the flexibility to choose the best security solutions to meet these requirements. Any healthcare entity that electronically stores and disseminates patient information must establish security systems over the next 2 years to adhere to HIPAA's strict new privacy standards.

California SB 1386

Organizations Affected: Any entity or person in the US that has computer records of California residents that includes a name in combination with SSN, an account or credit card number with any required security code, access code or password.
Deadline: July 1, 2003
Public Awareness: Low
Summary: The bill requires that you:

  1. Protect personal information from unauthorized distribution.

  2. Protect systems from security breaches.

  3. Notify California residents that their personal information may have been acquired by unauthorized persons in the event of a security breach.

Sarbanes-Oxley

Organizations Affected: Accounting & audit firms
Deadline: October 23, 2003
Public Awareness: High
Summary: The Public Company Accounting Reform and Investor Protection Act is complex and beyond the scope of this guide. For more information, consult your accounting and audit professionals.

Gramm-Leach-Bliley

Organizations Affected: Banks and other financial institutions. Among these services are lending, brokering or servicing any type of consumer loan, transferring or safeguarding money, preparing individual tax returns, providing financial advice or credit counseling, providing residential real estate settlement services, collecting consumer debts and other activities.
Deadline: May 23, 2003
Public Awareness: Medium
Summary: GLB's Financial Privacy Rule governs the collection and disclosure of customers’ personal financial information by financial institutions. It also applies to companies, whether or not they are financial institutions, who receive such information.

The Safeguards Rule requires all financial institutions to design, implement and maintain safeguards to protect customer information. The Safeguards Rule applies not only to financial institutions that collect information from their own customers, but also to financial institutions – such as credit reporting agencies – that receive customer information from other financial institutions.

COPPA

Organizations Affected: Website operators and other online providers
Deadline: April 21, 2002 - April 21, 2004
Public Awareness: Medium
Summary: The primary goal of the Children’s Online Privacy Protection Act (COPPA) Rule is to give parents control over what information is collected from their children online and how such information may be used.

US Patriot Act 215

Organizations Affected: All
Deadline: 4/17/2002
Public Awareness: Low
Summary: Section 215 is a highly controversial provision that allows law enforcement officials to demand any records (including computerized data) that they feel may be "pursuant to an investigation."

 

Our top 10...

 

Top 10 Threats to your data

  1. Parasites/Spyware

  2. OS Vulnerabilities

  3. Viruses & Worms

  4. Employees

  5. Hardware Failures

  6. Applications

  7. Power problems

  8. Bad backups

  9. Hackers

  10. IS Contractors

Protected!

“Almost every PC on our network had unauthorized software downloaded from the net.  Adware, keystroke loggers. You name it, we had it. The users didn’t have a clue, and truthfully, neither did we.” 

[Manager ISD]

 


 

Copyright © 2000-2006 Meridian Group Inc.