Sharetru 2

1. Cloud-based file transfer software – built with regulatory compliance and security in mind. Partner with Sharetru and share with confidence.

2. Health Insurance Portability and Accountability Act (HIPAA) Compliance What is HIPAA? Today, healthcare companies must go to great lengths to keep their patients’ and clients’ healthcare information secure. That confidentiality is thanks to HIPAA. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 established standards regarding the privacy of a person’s health-related information. These standards are related to the information needed for healthcare coverage. The goal of HIPAA was to improve health insurance coverage continuity and portability in both group markets and individual markets. Deciphering Compliance: HIPAA, SOX, and GLBA Differences

3. Physical Safeguards Facility Access Controls - Controlling who can access your physical facility is the first line of defense in terms of protecting your data. Physical access should be limited only to those authorized to work with sensitive data. Workstation and Security Controls - Once inside your facility, workstations and all of your devices – desktop computers, laptops, tablets, etc. – must be protected. Physical access to these workstations should also be limited to authorized personnel. Devices and Media Controls - Finally, data on any devices or media, like hard drives, external hard drives, memory cards, or flash drives, should be protected. Unapproved access should be prevented.

4. Technical Safeguards Access Controls - The ability to access the files themselves should be limited to approved parties. No one should be able to read, write, modify, or transfer data unless they are authorized to do so. Audit Controls - You must be capable of performing an audit on data activity. This means producing a detailed log of who accessed files, when they were accessed, and any activity regarding these files. Integrity Controls - Policies and procedures must be in place to ensure that electronic protected health information is not altered or destroyed. Person or Entity Authentication - It’s vital that you ensure the users attempting to access protected data actually are who they claim to be. This could mean using methods like multi-step verification. Transmission Security - All HIPAA-covered data must be protected when being transferred to other parties.

5. Sarbanes-Oxley Act (SOX) Compliance Complying with SOX The goal of all SOX-based compliance measures should be to safeguard all financial data. By protecting this data, you assure its integrity. Thus, many companies take the step of encrypting all sensitive financial data, protecting it from unauthorized access. What is SOX? The Sarbanes-Oxley Act (SOX) was passed in 2002 to ensure that shareholders and citizens were protected from accounting errors or fraudulent practices occurring in enterprises. It also helps to ensure the accuracy of public disclosures made by these enterprises. As all public companies must comply with SOX, understanding the required steps for compliance is essential. Beyond encryption, you should also have the appropriate security controls established to prevent against data loss or alteration. Not everyone in your organization needs the same level of access to sensitive data, so following data security best practices regarding granular access controls, user passwords, and file sharing security helps you protect SOX-covered data.

6. What is GLBA? Gramm-Leach-Bliley Act focuses on the data protections financial institutions must have in place. These compliance measures apply to companies that offer consumers financial products or services. This could mean loan providers, financial or investment consultants, or insurance providers. Information sharing practices must have the appropriate safeguards in place to protect sensitive data. Gramm-Leach-Bliley Act (GLBA) Compliance

7. Complying with GLBA GLBA compliance starts with how financial institutions interact with their customers. They must first protect customer data from being accessed by unauthorized parties. These institutions must also communicate to customers how their financial data will be used and who it will be shared with. Customers must also be given the opportunity to opt-out if they are unwilling to have their information shared with any third parties. If your organization falls under the GLBA umbrella, it’s vital that you comply. You want to avoid the consequences of noncompliance like heavy fines, but you also want to ensure that you’re protecting your reputation. If customers can’t trust you with their sensitive data, they may be reluctant to trust you with their business at all.

8. How Do HIPAA, SOX and GLBA Differ? The primary difference between each set of compliance regulations is that they are all focused on protecting a different type of data. HIPAA protects a patient’s healthcare information, SOX protects financial information of public companies, and GLBA protects the data of financial institution customers. Want to learn more about the specifics of HIPAA compliance? Visit Our Website : www.sharetru.com

9. "Tailored To Meet Your Unique Compliance Requirements & Data Protection Needs" Thank You