Application Security for Medical Organizations
The pharmaceutical and life sciences industries are also tightly regulated, in particular when it comes to rules controlling the promotion and advertising of drugs and other remedies. Health care providers, such as clinics and hospitals, also face tight controls on how they handle patient data, controls that may well go beyond the general data protection rules.
Many large businesses have policies requiring that their websites be verified against the relevant legislation, as well as design guidelines covering issues such as copyright. But the breadth of the legislation, the size of large companies' websites and the frequency with which they are updated mean that human checking is far too slow and expensive, and simply is not up to the task of ensuring that sites remain in compliance.
For example, the Health Insurance Portability and Accountability Act (HIPAA) is a U.S. regulation that gives patients greater access to their own medical records and more control over how their personally identifiable health information is used. The regulation also addresses the obligations of healthcare providers and health plans to protect health information. In general, covered entities such as health plans, healthcare clearinghouses, and healthcare providers that conduct certain financial and administrative transactions electronically
Other legislation that organizations operating online
might need to comply with includes:
• California Online Privacy Protection Act (OPPA)
• Children's Online Privacy Protection Act (COPPA)
• DCID 6/3 -- Director of Central Intelligence Directive 6/3, Protecting Sensitive Compartmented Information within Information Systems
• FISMA -- Federal Information Security Management Act of 2002
• Health Insurance Portability and Accountability Act (HIPAA)
• NERC -- North American Electric Reliability Council Security Guidelines for the Electricity Sector
• OCC Web Linking Rules
• Privacy and Electronic Communications (EC Directive) Regulations 2003
• SB 1386 (the California Security Breach Information Act)
• Section 208 of the E-Government Act of 2002
• Section 508 of the Rehabilitation Act
• Visa CISP (Cardholder Information Security Program)
Conclusion
The scale and complexity of many organizations' websites make manually checking pages too slow and too costly to be practical. Nor are visual checks capable of revealing all potential security flaws and vulnerabilities. As the volume of applicable legislation and regulation grows, manual compliance checking becomes less and less workable. Ostfold Software's insight into automating the compliance process will help businesses stay on the right side of the law, and improve their ability to handle new rules and regulations as they come into force.