AWS HIPAA Compliance Best Practices Checklist

The Health Insurance Portability and Accountability Act, or HIPAA, is a United States law that seeks to protect the privacy of patients’ medical records and other health information provided to health plans, doctors, hospitals, and other health care providers. It seeks to make health insurance coverage available to everyone — even those who lose their jobs. It also aims to lower the cost of healthcare by setting up standards in the electronic transmission of financial and administrative transactions. As well, HIPAA is designed to help fight abuse, waste, and fraud in insurance and healthcare delivery. The act also gave rise to the HIPAA Privacy Rule, which is the first set of American standards that protect the health information of patients. All health-related clearinghouses, providers, and insurance plans are covered by the act, as well as all companies in the country that are handling or storing healthcare data.

The good news is that you can use AWS and be HIPAA compliant. One way to strengthen HIPAA compliance is by leveraging Threat Stack’s Cloud Security Platform®, which provides healthcare companies – as well as business associates – with the most advanced solutions they need to meet a broad range of HIPAA compliance requirements. This post outlines nine essential best practices you should know about AWS HIPAA compliance. Read more “AWS HIPAA Compliance Best Practices Checklist”

Top Compliance Pain Points by Industry

Whether you are adhering to mandatory regulations or voluntary cybersecurity frameworks, taking compliance seriously can be a huge boon to your organization. It can help you avoid costly penalties, signal to your customers that you’re serious about security, and improve your organization’s overall security maturity. Meeting compliance requirements can also help open your business up to new markets, whether you’re targeting specific industry verticals or going after international customers, and finally, it can speed up your sales process along the way.

But let’s be honest: Compliance can seem like a necessary evil. It’s time consuming and complex, and it can be a huge pain in the you-know-what. Just because the benefits outweigh the costs doesn’t make the process any less painful.

Certain frameworks make their pain felt across industries. GDPR, for example, applies to any organization doing business even nominally in Europe and requires notification of a breach within 72 hours. SOC 2 is a rigorous standard that applies to any company operating in the cloud, and one of the main challenges for Threat Stack in achieving SOC 2 compliance was eliminating the disconnect between our engineering team’s tickets and the code associated with those tickets.

Other compliance frameworks reserve their pain for specific industries, and those can feel especially burdensome. What are the main pain points by industry, and, more importantly, how can you mitigate them? We dig into the specifics below. Read more “Top Compliance Pain Points by Industry”