Implementing SSO in hospitals and pharmaceutical firms
The United States Health Insurance Portability and Accountability Act (HIPAA) mandates that the privacy and security of personal health information be protected against the various threats and vulnerabilities associated with information management. HIPAA was enacted to assure health insurance portability, reduce healthcare fraud, guarantee the security and privacy of health information, and enforce standards for health information.
HIPAA compliance is an ongoing process that requires continual investment in people and infrastructure. The act recommends information security best practices that protect personal information and ensure the confidentiality, integrity and availability of personal health information.
Regarding SSO, HIPAA requires a security risk assessment to determine what applications and data are vulnerable, to ensure proper authentication, access control and logging systems, and to conduct ongoing auditing of information systems to test for newly discovered vulnerabilities.
The Sarbanes–Oxley Act (SOX) is a United States federal law enacted on July 30, 2002, which set new or enhanced standards for all U.S. public company boards, management and public accounting firms in order to increase their transparency.
SOX focuses on regulating the protection of financial records, including how information is accessed, what leaves the corporate network, and what information needs to be protected and retained over time. Corporations need to conduct web application security assessments for an initial SOX compliance risk assessment.
Data Protection Directive
Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data is a European Union directive which regulates the processing of personal data within the European Union.
European Union directives are addressed to the member states. The member states must transpose the directive into internal law. Directive 95/46/EC on the protection of personal data had to be transposed by the end of 1998. All member states have enacted their own data protection legislation.
To learn more about PasswordBank solutions for the health care industry, contact our Product Specialists.