Penetration Testing with Kali Linux OffSec
PEN-200

Health Insurance Portability and Accountability Act of 1996 (HIPAA)[85] is a United States federal law regulating health care coverage and the privacy of patient health information. Included in this law was a requirement to create a set of standards for protecting patient health information, known as Protected Health Information (PHI). The standards that regulate how PHI can be used and disclosed are established by the Privacy Rule.[86] This rule sets limits on what information can be shared without a patient's consent and grants patients a number of additional rights over their information, such as the right to obtain a copy of their health records.

Another rule, known as the Security Rule,[87] outlines how electronic PHI (e-PHI) must be protected. It describes three classes of safeguards that must be in place: administrative (a designated security official, a security management process, periodic risk assessments, etc.), physical (facility access control, device security), and technical (access control, transmission security, audit controls, etc.). These rules also include provisions for enforcement and monetary penalties for non-compliance. Importantly, HIPAA also requires that covered entities (healthcare providers, health plans, etc.) and their business associates provide notification[88] in the event that a PHI breach occurs.
FERPA: The Family Educational Rights and Privacy Act of 1974 (FERPA)[89] is a United States federal law regulating the privacy of learners' education records. This law[90] sets limits upon the disclosure and use of these records without parents' or learners' consent. Some instances where schools are permitted to disclose these records are school transfers, cases of health or safety emergency, and compliance with a judicial order.

FERPA also grants parents and learners over the age of 18 a number of rights over this information. These rights include the right to inspect these records, the right to request modification to inaccurate or misleading records, and more. Schools that fail to comply with these laws risk losing access to federal funding.
GLBA: The Gramm-Leach-Bliley Act (GLBA),[91] enacted by the United States Congress in 1999, establishes a number of requirements that financial institutions must follow to protect consumers' financial information. This law requires that institutions describe how they use and share information and allow individuals to opt out in certain cases.

Like other cybersecurity laws, GLBA requires that financial institutions ensure the confidentiality and integrity of customer financial information by anticipating threats to security and taking steps to protect against unauthorized access. In addition, financial institutions must also describe the steps that they are taking to achieve this.

GDPR: The

[85] (CDC, 2022), https://www.cdc.gov/phlp/publications/Module/hipaa.html
[86] (HHS, 2013), https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html
[87] (HHS, 2013), https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html
[88] (HHS, 2013), https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html
[89] (ED, 2022), https://learnerprivacy.ed.gov/faq/what-ferpa
[90] (CDC, 2022), https://www.cdc.gov/phlp/publications/Module/ferpa.html
[91] (FDIC, 2022), https://www.fdic.gov/consumers/consumer/alerts/glba.html

PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.