The Importance of Compliance to HIPAA, FISMA, and SOX

HIPAA is the ‘Health Insurance Portability and Accountability Act.’ It was formed in 1996, and its main purpose is to ensure the development of rules by ‘the Secretary of the United States Department of Health and Human Services’ (HHS), regulations which would serve to protect the security and privacy of certain health info. HIPAA addresses issues such as the standardization of the amounts that can be saved in the medical savings account that is pre-tax. It helps to ensure that employees continue to be insured health-wise even when they are in between jobs. The legislation also obligates healthcare corporations to put in place controls that will ensure patient data is secure. It brought about several new standards with the intention of improving efficiency in the healthcare industry. Also, HIPAA prohibits tax-deduction of interest on loans linked to life insurance (Appari et al., 2009).

             As so as to fulfill its requirement, HHS published the HIPAA privacy and security rules. The Privacy Rule, (or ‘Standards for Privacy of Individually Identifiable Health Information’), sets up national standards for protecting particular health info, while the security rule (or ‘The Security Standards for the Protection of Electronic Protected Health Information’) sets up a nation-wide set of security standards for the protection of particular health information stored or transmitted electronically. The Security Rule ensures correct operation of the protections within the Privacy Rule through the address of the technical and non-technical precautions referred to as “covered entities,” which are put in place to secure the “electronic protected health information” of individuals, and avoid vulnerabilities.

            Los Angeles Dental Society (LADS) is an example of an organization that should be HIPAA compliant. LADS is a local component of the ‘California Dental Association’ and the ‘American Dental Association,’ and is responsible for the provision of resources and information needed to provide the very best patient care. HIPAA applies to LADS as it is a key body, whose patients would require utmost service and security. Not complying to HIPAA would leave it vulnerable to legal issues such as malpractice suits, fraud claims, and breaches of contract.

FISMA

            FISMA is the ‘Federal Information Management Security Act.’ It was with the aim of producing key security guidelines and standards that are needed by Congressional legislation. FISMA defines an all-encompassing framework for the protection of government operations, assets and information, from natural or man-made threats. FISMA addresses issues such as the security of sensitive federal information (Toomer, 2011). The continued observation of FISMA compliance gives agencies the info they require for the maintenance of high levels of security and the elimination of vulnerabilities in a manner that is timely and cost-effective.

            Regarding the handling vulnerabilities and ensuring efficient storage, and transmission of data, FISMA combines several aspects including the carrying out of information system inventory, risk categorization, the establishment of system security plans and security controls, as well as the carrying out of risk assessments. An example of an organization that needs to be compliant to FISMA IS the Federal Student Aid. The organization ensures that students who need loans can access these loans and that the information regarding these loans is recorded. FISMA applies to this organization as it is affiliated to the government. Also, it is imperative to have all the information that regards to various students and the loans safe. Non-compliance to FISMA by the Federal Student Aid would lead to legal issues such as a reduction in funding by the government, censure by the Congress, and the damage of their reputation.

SOX

            SOX the Sarbanes-Oxley Act. The purpose of SOX to ensure the safeguarding of shareholders as well as the public from errors in accounting and other activities that could be fraudulent in businesses. It is also aimed at improving the levels of accuracy of corporate disclosures. SOX is responsible for the setting of guidelines for compliance and writes up the regulation on requirements. It was formed with the goal of ensuring that corporate accountability and governance is improved (McNally, 2013).

            SOX addresses the issue of record storage, as well as fraud. In its approach to storage, transmission, and handling of vulnerability, SOX ensures that all data and info and the business records in corporations are stored for “not less than five years.” The IT departments of corporations are responsible for the creation and maintenance of archives for the corporate records. This should be done in compliance with the requirements of the legislation. Also, SOX has safeguards to prevent data tampering. SOX stipulates the type of business records that require storage, such as electronic communications, business records, and electronic communications.

            An example of an organization that requires SOX is Walmart, which is a retail chain store with branches all over America. SOX applies to Walmart, as it would ensure that the shareholders of the corporation, as well as the many customers who buy goods from its stores, are well protected. The legal issues that could come about as a result of noncompliance are imprisonment, fines, or both.

References

Appari, A., Johnson, M. E., & Anthony, D. L. (2009). HIPAA compliance: an institutional theory      perspective. AMCIS 2009 proceedings, 252.

McNally, J. S. (2013). The 2013 COSO Framework & SOX Compliance: One approach to an effective transition.Strategic Finance, 45-52.

Toomer, L. G. D. (2011, September). FISMA compliance and cloud computing. In Proceedings of the      2011 Information Security Curriculum Development Conference (pp. 99-103). ACM.