Tired of Sarbanes-Oxley? There are still other regulatory compliance requirements to prepare for: the USA Patriot Act, eDiscovery, or HIPAA. So what are the differences? Any experience with these compliance matters? This short explanation, drawn from SOX IT Compliances (Christian B. Lahti and Roderick Peterson, 2007), may help you.
USA Patriot Act of 2001
This act mainly eased restrictions and increased the ability of law enforcement agencies to search telephone and e-mail communications and medical, financial, and other records. The act also expanded the authority of law enforcement agencies to intercept wire, oral, and electronic communications relating to computer fraud and abuse offenses. Simply put, not only can law enforcement agencies intercept the stated information, they can also require that it be provided.
eDiscovery of 2006
HIPAA (Health Insurance Portability and Accountability Act) standards for the security of electronic health information have been in effect since 21 April 2005. The Security Rule complements the Privacy Rule. While the Privacy Rule pertains to all Protected Health Information (PHI), both paper and electronic, the Security Rule deals specifically with Electronic Protected Health Information (EPHI).
It lays out three types of security safeguards required for compliance:
- Physical, and
Here is a simple step for complying with a HIPAA audit.
When it comes to standardization, we face the common problem of who is eligible to release the standard. A standard for an industrial product is easier to establish than a standard for policies or procedures. For example, consider the standard for video storage in the VCR era, the competition between Betamax and VHS, or the current competition in digital discs. Compare that with security standards such as BS17799 or ISO27001.
As you can see, a standard for an industrial product is easier to settle: whoever wins the competition sets the standard that everyone else uses. This is easy because, in the end, the consumer who buys the product is the same, global society, and nobody cares who released the standard.
Choosing a regulatory standard really depends on the political situation in each country that uses the standard. US standards are usually more effective in countries whose economies depend on the US, and those who follow British standards probably interact more with Britain.
But if your company has no such relationship, which type of standard will you choose? Here is my suggestion.