Compliance

Where Do You Fit In The Mandatory Compliance Puzzle?

A single negligent breach could close your business forever, because liability insurance does not cover professional negligence! Below are several examples of how compliance with Information Security requirements affects common businesses:

HIPAA and PCI DSS Compliance

Example #1: Physical Therapist
Compliance Requirements: HIPAA, PCI DSS & State Breach Laws

Why? This physical therapist office deals with electronic Protected Health Information (ePHI) of clients so it falls under HIPAA. The office also accepts co-payments by credit card so it falls under PCI DSS. Since the state requires a breach notification plan, the office must also adhere to state-specific compliance requirements for data breaches.

PCI DSS and GLBA Compliance

Example #2: Certified Public Accountant (CPA)
Compliance Requirements: GLBA, PCI DSS & State Breach Laws

Why? Like most CPAs, this CPA deals with private financial information of clients, so it falls under GLBA. The CPA works for clients that accept credit cards and has access to their QuickBooks accounts (containing cardholder information), so the CPA must meet PCI DSS requirements. Most states waive state-sponsored breach laws if the company is GLBA compliant, so there are no additional requirements by the state.

GLBA and PCI DSS Compliance in Oregon

Example #3: Lawyer
Compliance Requirements: HIPAA, FACTA, GLBA, PCI DSS & State Breach Laws

Why? This law office deals with Protected Health Information (PHI) of clients (injury claims), so it falls under HIPAA. Since the office also performs real estate closings and is responsible for private financial information, it falls under both FACTA and GLBA. The office accepts payment by credit card, so it falls under PCI DSS. This state waives its breach notification law if the law office is GLBA compliant, so there are no additional requirements by the state.

PCI DSS Compliance for Level 3 and Level 4 Merchants

Example #4: Coffee Shop
Compliance Requirements: PCI DSS

Why? This coffee shop accepts payment by credit and debit cards, so it falls under PCI DSS. This particular state has no specific breach notification law, so the coffee shop only has to focus on PCI DSS compliance.

State Identity Theft Law Compliance

Example #5: Construction Company
Compliance Requirements: State Breach Laws

Why? The construction company operates in a state that has a law requiring both client and employee Personal Identifying Information (PII) to be protected and for notification in the event of a breach.
