Increasing fraud and consumer concerns are compelling governments to regulate certain industries. These regulations call for immediate and thorough action from organizations on various aspects, chiefly quality and information security.
ProcessLOGIX has developed specific skills and capabilities in understanding these regulations in the context of these organizations and helping them lay down a system to comply with them. Our range of compliance consulting includes, but is not limited to:
| COMPLIANCE FRAMEWORK | BRIEF DESCRIPTION | KEY BENEFITS |
|---|---|---|
| HIPAA | The Health Insurance Portability and Accountability Act (HIPAA) is United States legislation. Through its Privacy Rule and Security Rule it mandates that ‘Covered Entities’ (health plans, healthcare clearinghouses, and healthcare providers) as well as their ‘Business Associates’ (other covered entities or service providers having access to protected health information) protect the privacy and security of health information (Protected Health Information, PHI). | |
| Meaningful Use Act (MU Act) | Through the provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, the Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health IT (ONC) promote the meaningful use of interoperable electronic health records (EHR) throughout the United States healthcare delivery system. It promotes the use of Certified EHR Technology (products / applications) that helps improve quality of care. The developers of such EHR Technology are expected to implement a quality management system (QMS) in line with the CMS rules. | |
| SSAE 16 / SOC 1, SOC 2, SOC 3 | The American Institute of Certified Public Accountants (AICPA), through its Statement on Standards for Attestation Engagements (SSAE 16), requires Reporting on Service Organization Controls (SOC). These reports need to be attested by a licensed Certified Public Accountant (CPA). SSAE 16 SOC 1 reports evaluate the effect of the controls at the service organization on the user entities’ financial statement assertions. In addition, the AICPA also provides reporting on controls related to Confidentiality or Privacy, Processing Integrity, Availability and Security (SOC 2 and SOC 3). A Type 1 report evaluates the suitability of the design of controls, while a Type 2 report evaluates the suitability of the design and the operating effectiveness of controls. | |
| PCI DSS | The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary security standard published by the PCI Security Standards Council (PCI SSC). The standard specifies the security controls to be established by any organization that accepts, transmits or stores cardholder data. | |