COMPLIANCE REGULATIONS

No matter your industry, data protection is paramount – it ensures confidential and sensitive information is kept secure from fraudulent activity. Some industries, however, are required to follow certain compliance guidelines to ensure data protection is being handled with utmost security. These compliance regulations enforce strict rules on how PII/PHI/CCI should be handled internally and securely shared.

At HRS, we are committed to safeguarding privileged and sensitive data. We take pride in going the extra mile to ensure compliance & security.

Here are a few compliance regulations we most commonly redact for.

GLBA

The Gramm-Leach-Bliley Act (GLBA) requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.

GDPR

The General Data Protection Regulation (GDPR) is the world’s strictest privacy and security law. It imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The GDPR will levy harsh fines against those violating its privacy and security standards, with penalties reaching the tens of millions of euros.

HIPAA

The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other identifiable health information. The Rule requires appropriate safeguards to protect the privacy of protected health information and sets limits and conditions on the uses and disclosures that may be made of such information without an individual’s authorization.

EMA Policies

European Medicine Agency’s (EMA) is an international transparency regulation. Policies 0070 & 0043 require data anonymization of all Protected Healthcare Information(PHI) and Commercially Confidential Information(CCI) within clinical data These policies cover a broad range of regulatory documents.

CPRA

The California Privacy Rights Act (CPRA) is a newly added privacy regulation, effective as of 2023. This Act amends parts of the California Consumer Privacy Act (CCPA) in reference to how sensitive personal information is handled establishing a new California Privacy Protection Agency. CPRA is applicable to organizations doing business in the state of California.

FERPA

The Family Educational Rights and Privacy Act (FERPA) is a federal law enacted in 1974 that protects the privacy of student education records. FERPA applies to any public or private elementary, secondary, or post-secondary school. It also applies to any state or local education agency that receives funds under an applicable program of the US Department of Education.

FOIA

The Freedom of Information Act (FOIA) states that the public has the right to request access to federal agency records or information unless the records fall under any of nine exemptions contained in the law or by one of three special law enforcement record exclusions.

FISMA

Federal Information Sercurity Act (FISMA). A United States federal law enacted in 2002 as part of the Electronic Government Act. The primary goal of FISMA is to ensure the confidentiality, integrity, and availability of federal information and information systems.