Now's the time for IT to step up to the plate: Neither GLBA nor HIPAA designates specific technologies or products that will satisfy security requirements, and though final rules for implementing the Sarbox Act are still in the works, they are sure to follow suit. Instead, agencies responsible for issuing regulations under these acts promulgate guidelines and discuss broad implementation standards. It's your job to take these guiding principles and turn them into strong security policies to protect one of your company's most valuable assets: customer information.
For those affected now, we offer an in-depth look at GLBA, HIPAA and the Sarbox Act with tips on technologies and strategies to stay in compliance. We also examine institutions feeling the weight of HIPAA, including Children's Hospital Boston, St. Vincent Hospital in Indianapolis and North Carolina's Medicaid program, and talk to companies, such as EDS and IBM, that are pitching products and services that may aid in compliance.
You might wonder why IT usually has to deal with regulations rather than with laws or statutes. Answer: Federal and state lawmakers delegate their legislative power to administrative agencies--like the Department of Labor--just as CIOs and managers pass tasks down through their chains of command.
Regulations or rules promulgated by these agencies have the same legal effect as laws or statutes. But unlike statutes, rules do not need to go through the legislative process to have the force of law. The public, however, does have an opportunity to participate in the rulemaking process. Agencies are required to publish a notice of their proposed rulemaking in the Federal Register and to give the public a chance to comment. An agency responds to the comments and publishes a final rule.
The Federal Register is published every federal business day, and all issues in a given year are collected into a single volume with consecutive pagination throughout the year. After rules and regulations have appeared in the Federal Register, they are codified by subject matter in the CFR (Code of Federal Regulations), which comprises 50 titles ranging from agriculture to wildlife and fisheries. The GLBA rules that apply to banks are found in Title 12 (Banks and Banking), and the HIPAA rules in Title 45 (Public Welfare).