IT Compliance

Achieving and maintaining compliance with the Sarbanes-Oxley Act (SOX) can be a difficult and time consuming process.

What is Sarbanes-Oxley Act (SOX)?

SOX was designed with the goal of implementing accounting and disclosure requirements to increase transparency in corporate governance and financial reporting and formalize a system of internal checks & balances

Does my company have to comply with Sarbanes-Oxley Act (SOX) ?

If you're a publicly held American company, an international company that has registered equity or debt securities with the U.S. Securities and Exchange Commission (SEC) or an accounting firm or other third party that provides financial services to either of the above then your must be SOX compliance.

What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA), is a series of regulatory standards that outline the lawful use and disclosure of protected health information (PHI). HIPAA compliance is regulated by the Department of Health and Human Services (HHS) and enforced by the Office for Civil Rights (OCR).

Does my company have to comply with HIPAA?

According to HIPAA regulations, if you identify as one of these organizational types you must HIPAA compliant

Covered Entities

HIPAA regulations define a covered entity as any organization that collects, creates, or transmits Protected health information (PHI) electronically.

Health care organizations that are considered covered entities include:

• health care providers
• health care clearinghouses
• health insurance providers

 

Business Associates

HIPAA regulations define a business associate as any organization that encounters Protected health information (PHI) in any way over the course of work that it has been contracted to perform on behalf of a covered entity.

Common examples of business associates affected by HIPAA rules include:

• MSPs, IT providers,
• Medical Billing Companies,
• Practice management firms
• Third-party consultants
• Electronic Health Record platforms
• Physical data storage providers
• Cloud storage providers

What is PCI Compliance ?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.

Does my company have to be PCI Compliant?

Any company or organization, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data.

All merchants will fall into one of the four levels based on their Visa transaction volume over a 12-month period and must meet the requirements for that level.

• Level 1 - Any merchant — regardless of acceptance channel — processing over 6M Visa transactions per year. Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system.
• Level 2 Any merchant — regardless of acceptance channel — processing 1M to 6M Visa transactions per year
• Level 3 - Any merchant processing 20,000 to 1M Visa e-commerce transactions per year.
• Level 4 - Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants — regardless of acceptance channel — processing up to 1M Visa transactions per year.