What Is the HITECH Act, and How Can I Be Compliant?

Jan 12, 2022 Lazarus Alliance 0 Comment

HIPAA was passed into law in 1996–not exactly the heyday of digital technology. It wasn’t until over a decade later that Congress decided to implement updates to the law to address the rise of digital technology. Their goal? To push providers to update their record-keeping to Electronic Health Record (EHR) systems, secure those systems effectively, and eliminate the loopholes that would prevent adherence to the law.

Thus, the Health Information Technology for Economic and Clinical Health, or HITECH, was born. Here, we’ll discuss some of the changes that HITECH made to HIPAA law and how that informs the compliance obligations of businesses in the healthcare industry.

What Is the California Privacy Rights Act (CPRA)?

Dec 30, 2021 Lazarus Alliance 0 Comment

The California Consumer Protection Act (CCPA) was a landmark law passed in California to support data privacy and consumer rights. As time has marched onward, new technologies and insights from stakeholders have introduced new approaches to the challenges addressed by CCPA. That’s why Proposition 24, the California Privacy Rights Act (CPRA), was drafted and passed into law.

With the provisions of CPRA set to become operative on January 1 of 2022, businesses must understand the shift from CCPA to CPRA.

ISO 27018 Certification Overview

Dec 18, 2021 Lazarus Alliance 0 Comment

About ISO 27018

ISO/IEC 27018 is a unique information technology code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors. The cloud offers organizations and consumers a variety of benefits: cost savings, flexibility and mobile access to information top the list. It also raises concerns about data protection and privacy; particularly around personally identifiable information (PII).

PII includes any piece of information that can identify a specific user. The more obvious examples include names and contact details or your mother’s maiden name. But elements that people may not readily think of are medical records, IP addresses and banking statements.

Used with ISO/IEC 27001, ISO/IEC 27018 has been published to allow Cloud Service Providers whose infrastructure is certified to the standard to tell their existing and potential customers that their data is safeguarded and won’t be used for any purposes for which they don’t specifically give consent.