Compliance

If your company collects and stores the personal information of its users (or customers), you are required by law to provide a certain level of network security (compliance) to ensure their personal information doesn’t end up in the hands of hackers and identity thieves.

Keystone provides all the services needed to ensure your business meets network security compliance, both for today, and down the road.

If you’re not sure if your company is compliant with current or upcoming standards, we can help.

For example, in Ontario, compliance is particularly important for medical organizations storing patient info, as PHIPA comes into play. PHIPA is the Personal Health Information Act, and it governs how personal information is collected, transmitted and stored.

By adopting a PHIPA model for any business storing user information, you can ensure you are doing everything possible to protect both your own and your users’ privacy.

PHIPA Compliance Checklist:

 

 Ensuring you have edge protection on your network from data breaches by having a firewall in place

 Ensuring data is backed up off-site. On-site data backups are not sufficient in today’s world. This means you have a copy of your data at your business location but also one that is not stored where your business operates. This off-site backup can be restored in the event of a disaster, and sometimes it is the only thing that saves your business data in the event of such a disaster.

 You should not keep patient files on the systems staff use every day.

 Staff should not have patient files reside on the same system as they use email. Patient files should be stored off-site, or on a local server with locked down access and off-site backup.

 For anyone with access to data that is considered “healthcare custodian data,” you must have reasons why these staff have access (rational access reasoning).

 All systems should have up-to-date anti-virus

What is my Network Edge and why is it important?

 

Understand how important the Edge is in the network. Think of the edge of your network like getting onto the highway. You need good protection where the roadway meets the highway. In the driving world, that’s an onramp. Anyone can go up, but you can’t go back down. Now imagine the on-ramp was two way and people could go up or down. This is like your Internet connection – completely unfiltered, nothing to stop traffic flowing both ways. Having a firewall with proper security licensing in place means it’s actively looking at traffic. A firewall with no security licensing, old firmware, legacy hardware, etc. means that no one is checking the traffic.

In today’s world, technology is changing faster than anyone can keep up with – including data governance standards under provincial or federal law. Ransomware has targeted many health institutions because medical professionals can’t afford to be offline, without access to their patient files. Know that if you do not have an off-site backup, you can lose everything (all data) overnight.

Keystone Technologies can help with HIPAA, PIPEDA, PHIPA and Medical Compliance in Ontario, Canada


Need help meeting compliance? Contact us online or call us at 519-451-1793 to book a consultation.

Keystone will visit your business and conduct an on-site assessment, providing you with real recommendations to ensure your business is protected and compliant.

 
