Security Does Not Equal Compliance

Elizabeth Phillips

In the past 30 years, the medical and dental worlds have changed drastically. In fact, technological advances have changed all industries. These advances, while being both life and time saving, have brought with them more rules and regulations that businesses must follow. Additionally, as we have moved into this age of technology, all data is housed on computers and devices. And just like the homes we live in, businesses can be broken into. But unlike the cat burglar who breaks into your house, the hacker is sitting in the comfort of his or her home, probably in their jammies, hacking into your system. And it is no longer about stealing and pawning; it’s about stealing data and selling it to the highest bidder or holding it for ransom. Or both. Therefore, we find ourselves in an era where businesses, and not just those within the healthcare field, must not only secure themselves from outside hacks, they must also comply with government mandates that are ever changing and industry specific. And thus, the marriage between security and compliance was born. And in any successful marriage, both parties must play a role.

Make no mistake: secure does not equal compliant. Security can never be assumed to equal compliance, but compliance could very well equal security. There is no one-size-fits-all equation that will meet every business’s needs. In order to protect your clients, your patients, your brand, your reputation, your business, you need to make sure that you have both: security AND compliance. And oftentimes, to do this wisely and well, your business will need the help of both IT and compliance specialists.

Oftentimes, businesses are excellent at understanding that they need to hire outside IT in order to put best practices in place and have an efficient, working computer infrastructure. What many businesses fail to do is ensure that they are equally strong on the compliance front. You could have the best IT on the planet and still miss the mark on meeting the specific safety standards for your industry. And a failure in either component could be a death knell for your reputation and business. When a business meets compliance standards within its internal security measures, data remains safe and a company’s integrity and reputation remain intact. Trust is easy to break, but nearly impossible to rebuild.

Security is all about exercising due diligence to protect the confidentiality, integrity, and availability of critical business assets. An effective information security program ascertains an organization’s security needs and employs the proper physical, technical, and administrative controls to meet those needs. Security best practices include not only putting in stopgaps to prevent attacks that would harm a business, but also seeking to mitigate the amount of damage done when (not if) an attack is successful. Security strategies are ever evolving, as today’s threats use sophisticated techniques that easily overcome earlier-generation technical controls like firewalls, filters, and network segmentation. The modern information security program must be proactive rather than reactive in its approach.

Compliance is similar to security in that it also compels a business to practice due diligence in protecting its digital assets; however, the determinant behind compliance is different: compliance is focused upon the requirements of a third party, such as a government, a security framework, or a client’s contractual terms. Regulations like HIPAA or standards like ISO/IEC 27001 outline excruciatingly specific security criteria that a business must meet to be deemed compliant.

Compliance is often seen as that one bossy cousin who comes to Thanksgiving with all the dietary restrictions. But the truth is, unlike your bossy cousin Karen who really is NOT gluten intolerant, being compliant is an asset to a business. Being compliant with a respected industry standard can buttress a business’s reputation and earn it new business with security-minded customers. Additionally, a compliance audit will pinpoint gaps in an organization’s existing security program that would otherwise have gone unnoticed.

Compliance seeks to go beyond protecting information assets. Compliance oversees policies, regulations, and laws and covers your business against financial, legal, and other types of risk. These are not the primary focus of IT specialists. Therefore, keeping your business’s reputation secure requires enlisting the help of a compliance specialist. After all, you cannot have a successful marriage with only one party participating. For your business to thrive, you must employ best practices in both the security and industry-specific compliance arenas.

The team at CentraVance Consulting are seasoned compliance specialists with experience in HIPAA, OSHA, SDS, and cyber security. To safeguard your business’s reputation and your client relationships, contact their team today for a free reputation risk assessment to begin the process of making sure your business is both secure AND compliant.