SOX is compliance for financial and communication stuff for publicly traded companies. PCI is compliance for credit card transactions. HIPAA is compliance for health care info.

I had an app I created that had to be both PCI compliant and HIPAA compliant. It can be a pain in the ass, no doubt. I was figuring out ways I could get SOX in there for compliance bingo :)

Cheers,
Judah

On Wed, Apr 17, 2013 at 4:23 PM, LRS Scout <[email protected]> wrote:
>
> Sarbanes-Oxley is financial only?
>
> Man it's been so long since I cared about this stuff.
>
> My recall has gone to shit.
>
> Maybe I should try this personally, I don't think I'd want to work for
> someone doing this.
>
> On Apr 17, 2013 7:20 PM, "LRS Scout" <[email protected]> wrote:
>
> > Aren't there also some hefty db requirements for this kind of pii?
> >
> > Encryption and stuff.
> >
> > I can't remember the name of the bill a while back, only applied to
> > publicly traded companies I think.
> >
> > On Apr 17, 2013 7:17 PM, "Judah McAuley" <[email protected]> wrote:
> >
> >> One thing to remember is that this is a pretty badly hacked article :)
> >>
> >> The key thing about HIPAA is that it regulates people who gather your
> >> data and what they can do with it without your permission. It is
> >> fundamentally your data (in a healthcare context) and you are supposed
> >> to be in charge of who gets to see it/use it and for what. So if you
> >> are opting in to a program and providing data that you are actively
> >> sharing and understand how and why it is being used, that alleviates
> >> most of the privacy concerns (on an individual basis).
> >>
> >> That being said, there are still concerns around making sure that the
> >> data does not go toward any uses you have not knowingly agreed to,
> >> making sure that it can go away when you go away, making sure that it
> >> does not go to 3rd parties without your consent, etc.
> >>
> >> One of the other big concerns I have is how it may work around peer
> >> pressure. Peer pressure can be a positive in the area of wellness.
> >> Having a support structure that holds you accountable has been shown
> >> to be a major factor with people sticking with any sort of program.
> >> It's hard to change habits on your own. On the other hand, a voluntary
> >> opt-in system has the potential to create a mental division between
> >> "team players" and "slackers" or what not and that is something I
> >> worry about.
> >>
> >> I'm happy for any and all input. This is an internal, experimental,
> >> sort of project, so nothing is set in stone and great ideas and
> >> concerns are happily accepted.
> >>
> >> Judah
> >>
> >> On Wed, Apr 17, 2013 at 4:02 PM, C. Hatton Humphrey <[email protected]> wrote:
> >>
> >> > I dunno, started reading it and alarm bells went off in my head with
> >> > regards to HIPAA, HR/Labor law and potentially discrimination
> >> > (Ramadan makes for different eating cycles, for example).
> >> >
> >> > If you'd like I can share the article with my co-workers in the HR
> >> > department to get more educated feedback on the concept.
> >> >
> >> > Personally I haven't looked into any studies that tie wellness with
> >> > productivity. I can also say that every client we service saw a
> >> > premium increase in benefits, participation in a wellness program or
> >> > not.
> >> >
> >> > Until Later!
> >> > C. Hatton Humphrey
> >> > http://www.eastcoastconservative.com
> >> >
> >> > Every cloud does have a silver lining. Sometimes you just have to do
> >> > some smelting to find it.
> >> >
> >> > On Wed, Apr 17, 2013 at 6:44 PM, Judah McAuley <[email protected]> wrote:
> >> >
> >> > > I'm really curious because the company in question is mine and
> >> > > I'll be working on this project. The article, of course, really
> >> > > kind of butchered everything, got the name wrong (C3PO is a
> >> > > different internal project), and kind of glossed over the fact
> >> > > that it is all voluntary...but I do understand that there are
> >> > > questions to be asked surrounding health info + employers. It has
> >> > > the potential to be fraught. On the other hand, we're trying to
> >> > > build a very participatory culture and trying to "do good"
> >> > > reinforcing positive actions by feedback mechanisms. We're just
> >> > > starting and going to be prototyping stuff, so nothing set in
> >> > > stone yet, but yeah, I think it will be very interesting.

Archive: http://www.houseoffusion.com/groups/cf-community/message.cfm/messageid:362886
