Comparison of eight Governance, Risk and Compliance (GRC) regulatory frameworks
Comparison of eight Governance, Risk and Compliance (GRC) regulatory frameworks: Health Insurance Portability and Accountability Act (HIPAA), European Union Data Protection Directive (EUDPD), AICPA Generally Accepted Privacy Principles (GAPP), Payment Card Industry Data Security Standard (PCI DSS), ISO 27002 Code of Practice for Information Security Management, COBIT, the Sarbanes-Oxley Act of 2002 (SOX), and the Gramm-Leach-Bliley Act (GLBA)
1. Health Insurance Portability and Accountability Act (HIPAA)
HIPAA includes among its components privacy and security rules for the handling of personal and medical information within the health care industry. These rules focus on Protected Health Information (PHI) and its electronic form (ePHI); they grew out of the effort to streamline the U.S. health care system, which mandated standardized electronic transactions, code sets and identifiers. The Privacy Rule and the Security Rule are detailed and prescriptive. Although the regulation targets organizations in the U.S. health care industry, it extends to other organizations that engage in certain activities, such as administering an employee group health plan or providing services (as a business associate) to organizations the regulation directly covers. If your organization is in the United States and maintains a health plan for its employees, HIPAA most likely applies to the information collected and stored for that plan. The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) enforces HIPAA.
HIPAA Business Continuity Plan Outline Template Free Download
Download Free HIPAA Business Continuity Plan Outline Template

Introduction
- Purpose
- Applicability
- Scope
- Critical Business Functions
- Planning Principles
- Assumptions
- Prerequisites
- Backup Site
- Alternative Back-up Sites
AutoKrypt 8.12 for HIPAA Security Encryption Free Download
Under the HIPAA Security Rule (45 CFR 164.312), encryption of ePHI is an "addressable" implementation specification, both for data at rest (access control, 164.312(a)(2)(iv)) and for data in transit (transmission security, 164.312(e)(2)(ii)). Addressable does not mean optional: a covered entity must implement encryption where it is reasonable and appropriate, or document why it is not and which equivalent safeguard is used instead. The often-repeated claim that encryption is needed only when individually identifiable health information crosses a public network such as the Internet, and never on dial-up lines or intranets, reflects early proposed-rule language rather than the final rule; in practice, ePHI that is lost or stolen unencrypted (a laptop, a USB drive) is treated as unsecured and triggers breach notification regardless of how it was transmitted. One tool that can help automate the encryption side of this is the AutoKrypt 8.12 download offered here.
AutoKrypt is designed for automation: it encrypts and decrypts files and folders on a schedule or in response to file-system monitors. Supported methods include password-based, secret-key, public/private-key and OpenPGP (password-based and key-based) encryption, with e-mail notification of task status. It includes a generator for private, public and OpenPGP keys and a key store to manage them. Common tasks include encrypt, decrypt, copy, zip, unzip, synchronize and file monitors, and a built-in scheduler runs tasks unattended. A tool like this can help satisfy the encryption specifications, but it is not compliance by itself: the Security Rule also requires a documented risk analysis, policies and procedures, key management and audit controls.
Folder Lock 6.3 for Privacy Law and HIPAA Compliance Protection Free Download
Protecting ePHI from unauthorized access is one of the core requirements of the HIPAA Security Rule, and Folder Lock is one tool you can use toward meeting it. The application provides two levels of protection:
1. Lock files and folders (access is blocked, but the data itself is not transformed);
2. Encrypt them using the Blowfish algorithm with a 256-bit key.
Only the second level protects data once a disk or backup leaves your control. Note also that Blowfish is a 64-bit block cipher and is not a FIPS-approved algorithm; HHS guidance on rendering PHI "unusable, unreadable, or indecipherable" points to NIST encryption standards, so for new deployments AES is the safer choice. In the free version, file encryption is limited to 25 MB.
List of HIPAA Access Control Policy
A Health Insurance Portability and Accountability Act (HIPAA) access control policy (Security Rule, 45 CFR 164.312(a)) can be built up in three steps:
1. List the resources.
Most users need the same internal network resources, so these resources can all be grouped together. If a specific resource such as a file share or database requires additional authentication, that authentication takes place when a user accesses the resource. The only exception to grouping all resources is a set of HR applications that only a small set of external users is authorized to access. Note that these external users may not access the other internal resources that everyone else can access.
2. List the groups or users.
Most users are in one main group that has network connectivity to all internal resources. A smaller group is composed of the external users who have access to the set of HR applications mentioned in the previous step.
3. List the conditions under which the groups may access the resources.
There are several conditions for accessing resources:
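The three-step outline above (resources, groups, conditions) maps directly onto a small policy-as-code evaluator. The following is an added example, not code from the original page or from any HIPAA text or product; the resource names, user names and the step-up (MFA) condition are made up for illustration. It encodes the exception the outline describes (external HR users reach only the HR applications, internal users never reach them), enforces per-resource additional authentication, denies by default, and records every decision, since the Security Rule also calls for audit controls (164.312(b)).

```python
"""Added example: deny-by-default access policy evaluator built from the
three-step outline (list resources, list groups, list conditions).
All names and the MFA condition are hypothetical."""

from dataclasses import dataclass, field


# Step 1: resources, grouped. Most internal resources share one group; the HR
# applications are the exception. A resource may require step-up authentication
# at access time (the "additional authentication" case in the outline).
@dataclass(frozen=True)
class Resource:
    name: str
    group: str                   # "internal" or "hr_apps"
    step_up_required: bool = False


RESOURCES = {
    "wiki":       Resource("wiki", "internal"),
    "file-share": Resource("file-share", "internal", step_up_required=True),
    "patient-db": Resource("patient-db", "internal", step_up_required=True),
    "hr-portal":  Resource("hr-portal", "hr_apps"),
}

# Step 2: users belong to groups (hypothetical users).
USER_GROUPS = {
    "alice": {"internal_users"},   # main group: all internal resources
    "bob":   {"external_hr"},      # external HR user: HR applications only
}

# Step 3: conditions. A rule grants a user group access to a resource group.
# Anything not listed is denied; there is deliberately no rule from
# internal_users to hr_apps or from external_hr to internal.
RULES = {
    ("internal_users", "internal"),
    ("external_hr", "hr_apps"),
}

# Every decision is appended here; a real deployment would ship this to a
# tamper-evident log (audit controls, 164.312(b)).
AUDIT_LOG: list[dict] = []


@dataclass
class Request:
    user: str
    resource: str
    authenticated: bool = True
    step_up_done: bool = False     # hypothetical: MFA completed this session


def evaluate(req: Request) -> tuple[bool, str]:
    """Return (allowed, reason). Fails closed on unknown users or resources."""
    allowed, reason = _decide(req)
    AUDIT_LOG.append({"user": req.user, "resource": req.resource,
                      "allowed": allowed, "reason": reason})
    return allowed, reason


def _decide(req: Request) -> tuple[bool, str]:
    if not req.authenticated:
        return False, "not authenticated"
    res = RESOURCES.get(req.resource)
    if res is None:
        return False, "unknown resource"
    groups = USER_GROUPS.get(req.user, set())
    if not any((g, res.group) in RULES for g in groups):
        return False, f"no rule grants {req.user} access to group '{res.group}'"
    if res.step_up_required and not req.step_up_done:
        return False, "additional authentication required for this resource"
    return True, "allowed"


if __name__ == "__main__":
    for r in (Request("alice", "wiki"),
              Request("alice", "file-share"),
              Request("alice", "file-share", step_up_done=True),
              Request("alice", "hr-portal"),
              Request("bob", "hr-portal"),
              Request("bob", "patient-db", step_up_done=True),
              Request("mallory", "wiki")):
        print(r.user, r.resource, evaluate(r))
```

The point of the structure is that the policy is a small, reviewable set of (user group, resource group) pairs plus per-resource conditions; adding a resource means assigning it to a group, not writing a new rule, and the HR exception is visible as the absence of a rule rather than buried in code.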