Security Regulations & Standards
July 19, 2024

HIPAA
US federal law that provides privacy and security protection for personal health information (PHI). Applies to organizations, such as health plans, healthcare clearinghouses, and healthcare providers, that electronically transmit healthcare information.

HITRUST
Health Information Trust Alliance (HITRUST) is a security framework called the HITRUST CSF (Common Security Framework) that is designed to help healthcare organizations address security and compliance challenges related to protected health information (PHI). A checklist to make sure you are HIPAA compliant.

Security Rule
A set of administrative, physical, and technical safeguards that covered entities and business associates must implement to protect the confidentiality, integrity, and availability of electronic PHI.

Privacy Rule
A set of national standards for the protection of certain health information.

Breach Notification Rule
The HIPAA Breach Notification Rule requires covered entities to promptly notify individuals, the government, and sometimes the media in the event of a breach of protected health information.

PCI DSS
Payment Card Industry Data Security Standard (PCI DSS). Focused on protecting credit card data.

GDPR
General Data Protection Regulation. GDPR establishes a set of rules for how personal data of individuals within the EU should be collected, processed, and stored. GDPR applies to all organizations globally, as long as the organization stores and processes personal data of EU citizens or residents.

GDPR Checklist:
- Lawful Basis and Transparency (Identify)
- Data Security
- Accountability and Governance
- Privacy Rights