USA Patriot Act, eDiscovery or HIPAA, which first?
Tired of Sarbanes-Oxley? There are still other regulatory compliance requirements to prepare for: the USA Patriot Act, eDiscovery, or HIPAA. So what are the differences? Do you have any experience with these compliance matters? This short explanation from SOX IT Compliances, by Christian B. Lahti and Roderick Peterson (2007), may help.
USA Patriot Act of 2001
This act mainly eased restrictions and increased the ability of law enforcement agencies to search telephone and e-mail communications and medical, financial, and other records. The act also expanded the authority of law enforcement agencies to intercept wire, oral, and electronic communications relating to computer fraud and abuse offenses. Simply put, not only can law enforcement agencies intercept the stated information, they can also require that it be provided.
eDiscovery of 2006
Refers to the act of discovery in a civil proceeding. Not only does eDiscovery encompass formatted data, such as data contained in Microsoft Office files, drawings, e-mails, and Websites, it also includes raw data. eDiscovery has prompted companies to implement e-mail archiving, as well as data archiving systems, so that they will be better able to respond to a subpoena for eDiscovery.
Health Insurance Portability and Accountability Act (HIPAA) of 1996
HIPAA is actually comprised of two titles. It is Title II that we are concerned with here, as it also contains the provisions that address the security and privacy of health data, which is what an IT organization needs to focus on:
1. Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs.
2. Title II of HIPAA, the Administrative Simplification requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employe