The Cybersecurity Maturity Model Certification (CMMC) framework is a relatively new yet still partially implemented set of cybersecurity regulations targeting DoD agencies and contractors. The DoD specifically built the rules to address the IT infrastructure and security practices needed to handle Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). After a lengthy review, the DoD has, as of November 2021, released an updated version of CMMC, known colloquially as CMMC 2.0.

What is CMMC 2.0? We’ll cover some of the more significant changes here, what this means for DoD contractors, and how you can prepare for the change.

Read More

Healthcare data and privacy have been a priority for lawmakers and IT professionals for decades. Maintaining privacy related to health information, and giving ownership and agency over disclosure to patients, drives current regulations around Personal Health Information (PHI). The most important of these regulations, HIPAA, has undergone various changes and revisions over time to meet modern security demands. One of these changes, the implementation of HITECH and digital record keeping, includes several additional rules on managing digital health records, including the concept of “meaningful use.”

Here, we will discuss what it means when HITECH legal language encourages the meaningful use of health records and how that can impact compliance and security. 

Read More

HIPAA is a detailed and comprehensive set of regulations governing IT systems and data handling in the healthcare industry. As times change, so too has the language of HIPAA evolved to address those changes. One of these updates is the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. This law modernized HIPAA and directed entities in healthcare to adopt more modern, digital record keeping and security technologies. 

Here, we’ll cover some of the basics of HITECH and what it changed in the language of HIPAA. 

Read More