Archive: Mar 2013

New HIPAA Rules: Impact on Business Associates

As I read the “Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules” recently released by the Department of Health and Human Services, I struggled to think how to summarize the 563 page PDF document into a meaningful summary for A-LIGN’s clients.  The title alone is a paragraph long.  A large part of the document is minutia that is not relevant for the everyday conversation on how to protect electronic protected health information (“ePHI”) but there are some key points and clarifications that are made which I believe should be understood by our clients.  As a provider of audit, compliance and security services primarily to companies defined as service organizations or service providers, I will focus on two key points that impact service organizations that handle ePHI, applicability and liability.

Read More

PCI Security Standards Council Releases New Information Supplement on Cloud Computing

In February the PCI Security Standards Council (the “Council”) released a new information supplement related to the application of the Payment Card Industry Data Security Standards (“PCI DSS”) requirements in the Cloud. The goal of the information supplement is to assist Merchants and Cloud Service Providers (“CSP”) maintain PCI DSS compliant environments and also to guide the Qualified Security Assessors (“QSA”) that are tasked with performing the validation assessments.

Read More

PCI Security Standards Council Releases New Information Supplement on Cloud Computing

  By: Gene Geiger, Partner of A-lign Security and Compliance Services In February the PCI Security Standards Council (the “Council”) released a new information supplement related to the application of the Payment Card Industry Data Security Standards (“PCI DSS”) requirements in the Cloud. The goal of the information supplement is to assist Merchants and Cloud Service Providers (“CSP”) maintain PCI DSS compliant environments and also to guide the Qualified Security Assessors (“QSA”) that are tasked with performing the validation assessments.

Read More

Preparing your Collection Agency for the CFPB Examination

By: Neil Gonsalves, Director at A-LIGN OVERVIEW On October 24, 2012 the Consumer Financial Protection Bureau (CFPB) published a rule that would allow the CFPB to federally supervise the larger consumer debt collectors/collection agencies. One of the main objectives of the CFPB Examination is to ultimately help ensure that consumers that are affected by the debt collection process are treated fairly. The CFPB’s supervision authority over these debt collectors/collection agencies took effect on January 2, 2013. Under the rule, any firm that has more than $10 million in annual receipts from consumer debt collection activities are subject to the CFPB’s supervisory authority. The CFPB may adopt a risk based approach focusing on debt collectors/collection agencies that pose a heightened risk to consumers based on information available from regulators, complaints, litigation, and media among other sources.

Read More