April 01, 2004 — Staring down the barrel of multiple regulatory deadlines? This calendar view will help you keep the dates straight.
April 2004
| Who's affected: | Healthcare organizations |
|---|---|
| Brief: | Passed in 1996, HIPAA (the Health Insurance Portability and Accountability Act) increases customer data privacy requirements for healthcare companies, including relevant insurance companies and pharmacies. |
| Full text: | www.hhs.gov/ocr/hipaa |
| Administered or enforced by: | The HHS Office for Civil Rights (OCR) will enforce HIPAA privacy standards. The Centers for Medicare & Medicaid Services (CMS) will be responsible for enforcing the transaction and code set standards that are part of the administrative simplification provisions of HIPAA. |

Past due HIPAA deadlines

| April 2003: | Electronic Health Care Transactions and Code Sets requirements in effect. |
|---|---|

Upcoming deadlines

| July 2004: | Employer Identifier Standard, all covered entities except small health plans |
|---|---|
| April 2005: | Security Standards, all covered entities except small health plans |
| August 2005: | Employer Identifier Standard, small health plans |
| April 2006: | Security Standards, small health plans |
| May 2007: | National Provider Identifier, all covered entities except small health plans |
| May 2008: | National Provider Identifier, small health plans |
May 2004
| Who's affected: | Publicly traded companies |
|---|---|
| Brief: | In response to high-profile financial scandals, this law intends to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise. Sarbanes-Oxley is not a set of business practices and does not specify how a business should store records; rather, it defines which records are to be stored and for how long. |
| Full text: | news.findlaw.com/hdocs/docs/gwbush/sarbanesoxley072302.pdf |
| Administered or enforced by: | U.S. Securities and Exchange Commission (www.sec.gov) |

Past due HIPAA deadlines

| April 2003: | Electronic Health Care Transactions and Code Sets requirements in effect. |
|---|---|

Sarbanes-Oxley deadlines

| November 2004: | Additional disclosures for accelerated filers, generally U.S. companies with equity market capitalization greater than $75 million that file at least one annual report with the SEC. |
|---|---|
| July 2005: | Additional disclosures for non-accelerated filers, beginning with fiscal years ending on or after July 15, 2005. |
June 2004
| Sarbanes-Oxley, additional disclosures |
July 2004
| HIPAA, Employer Identifier Standard, all covered entities except small health plans |
April 2005
| HIPAA, Security Standards, all covered entities except small health plans |
August 2005
| HIPAA, Employer Identifier Standard, small health plans |
Past Due
| FISMA (Federal Information Security Act) | Requires federal agencies to apply risk management techniques to make their computer information systems more secure. The agency director must report to Congress no later than March 1 of each year on agency compliance. |
|---|---|
| California Privacy Law SB 1386 | This law requires companies with California customers to notify those people of computer security breaches that may result in the theft of personal information about them. If third-party vendors hold customer data, they are also responsible for compliance. |