There are restrictions on how U.S. companies store and share customer data. For health-care providers, HIPAA is designed to protect patient data. A handful of states require companies processing customer payments to comply with PCI-DSS. Search the Internet for information about these regulations, and discuss the major requirements of each. 

To start off, there are restrictions on how U.S. companies store and share customer data to protect the company and the customers. The example in the forum this week is HIPAA, which is designed to protect patient data. Some states require companies processing customer payments to comply with PCI-DSS.

HIPAA is the Health Insurance Portability and Accountability Act of 1996, which provides privacy of medical information, and without a signature agreeing to sending documents, it cannot be done. HIPAA protects health information such as a patient's name, date of birth, health condition, any care they have received, or any other information concerning the patient. An example that I have from my life that shows that HIPAA is a great thing is a situation from when I was pregnant. I was dealing with some issues in my pregnancy and I had a “friend” who was upset I didn’t tell her what was going on, and she tried calling the hospital to see what was happening. Without verifying my personal information, she could not be told anything. If HIPAA wasn’t in place, things I didn’t want people to know about would have been told to her.

PCI-DSS is the Payment Card Industry Data Security Standard, which protects consumers' information. There are 12 requirements that are a set of security controls that businesses are required to implement to protect consumers' information. The 12 requirements include: install and maintain a firewall configuration, do not use vendor-supplied defaults for system passwords, protect stored cardholder data, encrypt transmission of cardholder data across open, public networks, use and update antivirus software, develop and maintain secure systems and applications, restrict access to cardholder data by business need-to-know, assign a unique ID to each person with computer access, restrict physical access to cardholder data, track and monitor all access to network resources and cardholder data, regularly test security systems and processes, and maintain a policy that addresses information security. If these are not met, fines or termination, or both, can take place for an individual. Keeping consumers' information is important whether it be HIPAA or PCI-DSS.