In this blog post, I will go over some online form laws and acts such as FERPA, HIPAA, PCI, and PII.
Introduction
To protect the privacy of a user, the forms provided online need to be HIPAA, FERPA, PII, and PCI approved. When the forms are approved under these laws, the user’s personal information is protected and problems are prevented from occurring. In this blog, I will go over the main points of these laws and what each law and act does.
HIPAA
HIPAA stands for Health Insurance Portability and Accountability Act. It was enacted in 1996, and it protects the sensitive information of a patient at a hospital. Following the HIPAA rule is a requirement if you are dealing with any health information. HIPAA was created to improve the healthcare system through digital healthcare dealings and by protecting the sensitive and private information of patients.
The Privacy Rule is one of the major parts of HIPAA. It protects a person’s medical records and makes sure that the information is kept private. The Security Rule of HIPAA sets out the criteria for the protection of electronic protected health information (ePHI).
HIPAA directs the use of electronic transactions and codes that are collected for healthcare information. This part of HIPAA helps optimize and regulate the protection of protected electronic health information.
Becoming HIPAA compliant requires following this checklist to make sure the privacy and security of health information are protected:
- Conduct a Risk Analysis
- Employee Training
- Secure Physical Environment
- Regular Audits and Monitoring
FERPA
FERPA stands for Family Educational Rights and Privacy Act, and this act protects the privacy of students and their educational data. It was created in 1974 and applies to all educational institutions that receive federal funding. Schools and colleges need to follow this act in order to teach students. FERPA gives parents and students who are 18 or older the right to control their educational records and their school information.
FERPA allows parents and students who are 18 or older to review their educational data. If they review their children’s or their own educational record and want something corrected, they can contact the school and request a correction.
FERPA does not allow a student’s education record to be exposed without the student’s permission or, if the student is a minor, without their parent’s permission. FERPA is enforced by the Family Policy Compliance Office of the US Department of Education, and if a school is caught violating FERPA, it will not receive any more federal funding.
PII
PII stands for Personally Identifiable Information, and it was created in 1974. PII is sensitive because it can lead to misuse of an individual’s personal information. An association that holds a collection of PII is responsible for enforcing measures to protect the person’s private information. The data minimization principle wants associations to collect PII only when it is necessary for a good purpose; otherwise, the principle does not allow the collection. The risk of handling personal information increases when unnecessary collection is done. Countries around the world have established this law because PII is a global concern and a very important law when it comes to personal information.
Some examples of PII:
- Passport number
- Driver’s License Numbers
- Email Address
- Date Of Birth
- Social Security
PCI
PCI stands for Payment Card Industry, and this law was created in 2004. PCI was developed by many card companies such as VISA, American Express, and MasterCard. Businesses that use third-party services need to make sure that their service providers comply with PCI. PCI requirements cover access controls, regular security tests, and encryption, and these requirements are practiced to protect the cardholder’s private information.
Conclusion
In conclusion, we should be aware of these laws, and we should know if our personal information is being exposed. We should also know that if anyone violates these laws, we can sue or take legal action against them.