February 19, 2009
HIPAA Gets Teeth: Recent Enforcements, Stimulus Bill Highlight Healthcare Privacy
One thing we've been predicting here at Proofpoint is that the economic crisis would precipitate a renewed focus on regulations and compliance... and not just for the financial services sector, but across all sorts of industries.
Along these lines, Marcia Savage at Information Security magazine has a fascinating article out today on SearchSecurity (CVS pays $2.25 million HIPAA settlement). While the main subject of the article is interesting enough -- that CVS Caremark has been fined $2.25 million for HIPAA violations (related to employees tossing pill bottles with private patient information on them into open dumpsters!) and that there is growing evidence that the era of lax HIPAA enforcement is over -- the part that really caught my eye was this:
"President Barack Obama's stimulus package signed into law on Tuesday included new rules significantly expanding HIPAA.The rules govern the privacy and security of medical records for healthcare organizations and now their so-called business associates. The new rules include a breach notification law, forcing healthcare providers to notify individuals publicly if more than 500 people are impacted by a breach. Stricter enforcement and penalties are also outlined in the law. It authorizes State Attorneys General to bring a civil action in federal District Court against individuals who violate HIPAA."
Link: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1348446,00.html
HIPAA and other data privacy regulations don't just apply to pharmacies, hospitals, doctors' offices and the like. Your own organization may be subject to these rules. Make 2009 the year that you ensure that your organization's email is compliant with the data privacy regulations included in HIPAA, GLBA, PCI (payment card industry) guidelines, etc.
A great recent example of an organization using Proofpoint technology to stay compliant is the University of Florida Foundation (the fundraising arm of the University of Florida).


For those that don't already have access to secure medical email, www.housedoc.us provides an online communication portal between patients and physicians that is HIPAA compliant, free and easy to use.
Posted by: HouseDoc | May 26, 2009 at 08:41 PM