HIPAA Compliance Requirements

HIPAA Security rule prescribes a number of required policies, procedures and processes that must be in place for all information systems that process protected data within the Covered Entity. It also prescribes a number of required and addressable implementation specifications designed to protect the confidentiality, integrity and availability of Protected Health Information (PHI) within the enterprise. These specifications fall into five categories:

Seinser HIPAA Compliance Services

Seinser provides comprehensive audit services to customers and ensures that the privacy policies and procedures are being followed correctly, that all safeguards (Administrative, Technical and Physical) are in place and that the privacy of PHI is being maintained in accordance with the mandated standards. Seinser HIPAA audit program includes the following activities –

Overview

The Payment Card Industry (PCI) Data Security Standard (DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.

PCI DSS Compliance Requirements

Following are the compliance requirements and security assessment procedures as per PCI DSS standard version 1.2 –

	Build and Maintain a Secure Network
	Requirement 1: Install and maintain a firewall configuration to protect cardholder data Requirement 2: Do not use vendor-supplied defaults for system passwords & other security parameters
	Protect Cardholder Data
	Requirement 3: Protect stored cardholder data Requirement 4: Encrypt transmission of cardholder data across open, public networks
	Maintain a Vulnerability Management Program
	Requirement 5: Use and regularly update anti-virus software or programs Requirement 6: Develop and maintain secure systems and applications
	Implement Strong Access Control Measures
	Requirement 7: Restrict access to cardholder data by business need to know Requirement 8: Assign a unique ID to each person with computer access. Requirement 9: Restrict physical access to cardholder data
	Regularly Monitor and Test Networks
	Requirement 10: Track and monitor all access to network resources and cardholder data. Requirement 11: Regularly test security systems and processes
	Maintain an Information Security Policy
	Requirement 12: Maintain a policy that addresses information security for employees and contractors

Seinser PCI DSS Compliance Services

Seinser provides pre-certification security validation and audit services to customers who are planning for PCI DSS compliance certification. Experienced and certified professional workforce at Seinser assist customers in achieving the required compliance level. Scope of the audit and compliance service to customers includes the following activities –

	Inspection of the Network Infrastructure Security
	Verification of firewall configurations
	Inspection of network traffic monitoring systems
	Evaluation of access control and authentication mechanism on workstations
	Verification of wireless environment settings
	Verification of key-management procedures
	Verification of data encryption mechanism
	Examination of software development processes
	Testing of developed applications for security vulnerabilities
	Verification of physical security controls
	Review of relevant security documents
	Interviews with key technical and management staff
	Examination of information security policies and daily operational security procedures
	Delivery of relevant reports on compliance