On 14th April 2016, the European Union (EU) adopted the General Data Protection Regulation (GDPR). It superseded the European Data Protection Directive 95/46/EC. Unlike a Directive the Regulation (GDPR) is directly binding and applicable and does not require the Governments to pass any legislation for the country. The GDPR in intended to protect privacy and personally information of the European Data Subjects (persons). Through this regulation, there are key responsibilities of Data Controllers and Data Protection. Any breach would result into a legal penalty upto 4% of the breaching organization’s global turnover.
- Reduces the risk of any data breach
- Prevents any legal action
- Helps improve trust level within European client base
- Improves internal control over information management and protection
Health Insurance Portability and Accountability Act (HIPAA) is a United States legislation. Through its Privacy Rule and Security Rule it mandates the ‘Covered Entities’ (health plans, healthcare clearinghouses, and healthcare providers) as well as their ‘Business Associates’ (other covered entities or service providers having access to the protected health information) to protect privacy and security of health information (Protected Health Information – PHI).
- Reduced risk of information theft and resulting impacts
- Protection of reputation and image
- Prevention of legal actions and penalties
- Increased customer confidence
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary security standard published by the PCI Security Standards Council (PCI SSC). The standard specified security controls to be established by the an organization that accepts, transmits or stores and cardholder data.
- Reduced risk of theft of cardholder data and resulting impacts
- Improved customer trust level
- Increased business opportunities due to compliance status
The American Institute of Certified Public Accountants (AICPA) through it Statement on Standards for Attestation Engagement (SSAE 18) requires Reporting on Service Organizations Controls (SOC). These reports needs to be attested by a licensed Certified Public Accountant (CPA). SSAE 18 SOC 1 reports evaluate the effect of the controls at the service organization on the user entities’ financial statement assertion. In addition to this the AICPA also provides reporting on controls related to Confidentiality or Privacy, Processing Integrity, Availability and Security – SOC 2 and SOC 3. A Type 1 Report evaluates suitability of the design of controls while the Type 2 report evaluates suitability of the design and operating effectiveness of controls.
- Improvement in internal controls thereby reducing risk exposure
- Increased trust level of all interested parties
- Effective fulfillment of contractual obligations
Meaningful Use Act
Through the provisions of Health Information Technology for Economic and Clinical Health (HITECH) Act, the Centers for Medicare & Medicaid Services (CMS ) and the Office of the National Coordinator for Health IT (ONC) promotes the meaningful use of inter-operable electronic health records (EHR) throughout the United States healthcare delivery system. It promotes the use of Certified EHR Technology (products / applications) that helps improve quality of care. The developers of such EHR Technology are expected to implement a quality management system (QMS) in line with the CMS rules.
- Financial benefits to the healthcare providers using the Certified EHR Technology
- Improved internal consistency and efficiency in the development, testing, implementation and support processes
- Increase in trust levels of all interested parties
- Prevention of legal actions and penalties
National Accreditation Board for Hospitals & Healthcare Providers
Insurance Regulatory Authority of India (IRDA) has mandated all small and big Hospitals that provide cashless service to get atleast entry-level NABH accreditation. Certain states in India requires NABH accreditation for Hospital participating in various state Government sponsored insurance schemes. The NABH accreditation requires an Hospital to implement Patient Centered Standards categorized in 5 types and Organization Centered Standards categorized under 5 types.
- Enables a Healthcare Organization to participate in Government Sponsored Insurance Schemes
- Helps ensure improved quality care and patient safety
- Increases community confidence in the services provided by an Hospital
- Provides for an overall professional development of hospital clinicians and staff