Certification - HIPAA and Sarbanes-Oxley
Tags: Software Engineering
Slide 1 - Certification: HIPAA and Sarbanes-Oxley
- Emerson Murphy-Hill
Slide 2 - What is HIPAA?
- HIPAA = Health Insurance Portability and Accountability Act
- A Federal Law Created in 1996
- H = Health
- I = Insurance
- P = Portability and
- A = Accountability
- A = Act
Slide 3 - HIPAA Security
- The HIPAA Security standards provide the mechanisms that support efforts to protect privacy.
- It covers information:
- on hard drives
- on removable/transportable digital memory medium (magnetic tape/disk)
- transported electronically via the internet, e-mail or other means.
Slide 4 - PENALTIES For Non-compliance
- Each violation carries a Monetary Penalty and, for criminal violations, a Term of Imprisonment
- CIVIL PENALTIES
  - Single violation of a provision
  - Multiple violations of an identical requirement or prohibition made during the calendar year: up to $25,000
- CRIMINAL PENALTIES
  - Wrongful disclosure of individually identifiable health information: up to $50,000 and up to one year of imprisonment
  - Wrongful disclosure of individually identifiable health information committed under false pretenses: up to $100,000 and up to five years of imprisonment
  - Wrongful disclosure of individually identifiable health information committed under false pretenses with intent to sell, transfer, or use for commercial advantage, personal gain, or malicious harm: up to $250,000 and up to 10 years of imprisonment
Slide 5 - Sarbanes Oxley (SOX)
- On June 25, 2002, WorldCom revealed it had overstated its earnings by more than $72 billion during the past five quarters, primarily by improperly accounting for its operating costs.
- Executive management of publicly held companies reporting $75 million or more in revenue to the Securities and Exchange Commission (SEC) are under the gun to comply with the Sarbanes-Oxley Act of 2002 (SOX)
- Named after sponsors Senator Paul Sarbanes (D-Maryland) and Representative Michael G. Oxley (R-Ohio)
- Regulatory compliance – independent corporate auditors examine whether an organization is SOX compliant.
- No more “Enrons”
- Mandates strict rules relating to corporate transactions and operating practices.
Slide 6 - Sarbanes-Oxley 2002
- Requires management to demonstrate knowledge of the underlying processes of the business
- Must be able to describe how transactions are authorized or accepted for input into processing
- Identify critical data files used during processing
- “Separation of duties”: e.g., developers cannot have write access to production system.
- Define key reports resulting from processing
- An ongoing process to monitor internal controls while continuously evaluating and improving their effectiveness