
Understanding HIPAA, GDPR, SOC2, and Secure Development

Khadija Yaseen
Secure SDLC
1: Planning
Identify potential security risks such as data breaches,
unauthorized access, and system vulnerabilities.

2: Requirements Analysis
Define specific access controls, authentication mechanisms, and
encryption requirements based on the identified security risks.

3: Design
Define the overall system architecture and its security design.

4: Development
Apply secure coding practices to mitigate common vulnerabilities such as SQL injection.

5: Testing
Static Analysis
Dynamic Analysis
Penetration Testing

6: Release
Implement proper access controls
Put monitoring mechanisms in place

7: Maintenance
Regularly review and update security measures
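The SQL injection mentioned under step 4 is easiest to understand with the vulnerable query beside its hardened form. The following is an added example, not code from the slides: it uses Python's standard-library sqlite3 module, a hypothetical in-memory `users` table with constructed sample rows, and a constructed bypass payload, and runs the same login lookup once built by string formatting and once with bound parameters.

```python
import sqlite3

# Constructed sample data for the demo (not from the slides). Passwords are stored in
# plaintext only to keep the injection demonstration short; real systems hash them.
SAMPLE_USERS = [
    ("alice", "alice-secret", "Alice"),
    ("bob", "bob-secret", "Bob"),
]


def make_db():
    """Create an in-memory SQLite database with a hypothetical users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT, password TEXT, display_name TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Builds the SQL text from caller input: the classic SQL injection bug."""
    query = (
        "SELECT display_name FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """Same lookup with bound parameters: the values never become SQL syntax."""
    query = "SELECT display_name FROM users WHERE username = ? AND password = ?"
    row = conn.execute(query, (username, password)).fetchone()
    return row[0] if row else None


def demo():
    """Run both versions with a constructed bypass payload and return the results."""
    conn = make_db()
    # Closes the quoted username and comments out the rest of the WHERE clause
    # ("--" starts a comment in SQLite), so the string-built query never checks
    # the password.
    bypass_username = "alice' --"
    return {
        "vulnerable": login_vulnerable(conn, bypass_username, "wrong-password"),
        "parameterized": login_parameterized(conn, bypass_username, "wrong-password"),
        "legitimate": login_parameterized(conn, "alice", "alice-secret"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result!r}")
```

The vulnerable version logs the attacker in as Alice with a wrong password; the parameterized version treats the whole payload as a literal username, finds no match, and returns nothing, while a genuine login still succeeds. The static analysis named under step 5 is what catches the string-formatted query before it ships; the dynamic test is exactly the payload above.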
SOC 2

System and Organization Controls 2, successor to SAS 70 (Statement on Auditing Standards No. 70)

Published by the AICPA (American Institute of Certified Public Accountants)

Applicable to any organization that stores, processes, or transmits customer data

SOC 2 report
HIPAA

Health Insurance Portability and Accountability Act, a US data privacy law

Protected Health Information (PHI)

Any identifiable health-related data used, stored, maintained, or shared by an entity
is considered PHI. It covers every aspect of a patient's information. The HHS has
identified 18 HIPAA identifiers. They are:
Why is HIPAA important?

Institutions are moving data to the cloud

What we want

HIPAA Penalties

Biggest fine: $16 million against Anthem

Who must be HIPAA compliant
Covered Entities
Business Associates
HIPAA Rules
Privacy Rule: sets specific standards; limits and conditions on the use and
disclosure of PHI

Security Rule: protection of ePHI through three kinds of safeguard
Administrative Safeguard: proper training
Physical Safeguard: alarms, locks, cameras
Technical Safeguard: firewalls, encryption, data backups

Breach Notification Rule: breaches affecting 500 or more individuals must be reported
within 60 days; breaches affecting fewer than 500 are reported on an annual basis

Omnibus Rule: Business Associate Agreement (BAA)


GDPR

General Data Protection Regulation (in force since 2018)

European Union (EU) law

Data Processor
processes personal data on behalf of the controller

Data Controller
determines why and how personal data is
processed.
