Issue TOC Print full article Print this page Download as PDF E-Mail this URL Discuss this article Flame the author     In this article Introduction All in the Implementation Gramm-Leach-Bliley Whip Out the Crystal Ball HIPAA An Open Door Policy Sarbanes-Oxley Executive Summary Law vs. Regulation FYI With 1386, California Leads the Way Hospitals Get HIPAA Web Links Epoll Results

The Law and IT

It's bottom of the ninth, two outs for the good old days of enterprises exercising sole control over how their sensitive business data was stored, distributed, used and protected (or the not so-good-old days if you worked for Enron or had personal data stolen). The federal government is getting in the game with a vengeance with GLBA, HIPAA, the Patriot Act and the Sarbox Act. For now, only companies that deal with private health and financial data are affected, but others should take note: As Uncle Sam flexes his regulatory muscles--and hands out some fat fines--more types of industries could be affected.

Now's the time for IT to step up to the plate: Neither GLBA nor HIPAA designates specific technologies or products that will satisfy security requirements, and though final rules for implementing the Sarbox Act are still in the works, they are sure to follow suit. Instead, agencies responsible for issuing regulations under these acts promulgate guidelines and discuss broad implementation standards. It's your job to take these guiding principles and turn them into strong security policies to protect one of your company's most valuable assets: customer information.

For those affected now, we offer an in-depth look at GLBA, HIPAA and the Sarbox Act with tips on technologies and strategies to stay in compliance. We also examine institutions feeling the weight of HIPAA, including Children's Hospital Boston, St. Vincent Hospital in Indianapolis and North Carolina's Medicaid program, and talk to companies, such as EDS and IBM, that are pitching products and services that may aid in compliance.