Where Do Compliance and Information Security Intersect?
Information security focuses on implementing effective technical controls to protect an organization’s sensitive data. While related to information security, compliance focuses on implementing technical controls that specifically meet regulatory requirements – such as HIPAA.
This is where compliance and information security intersect. Many compliance security requirements can be met by implementing technical controls. Which technical controls are appropriate for your organization’s information security is determined by which compliance laws regulate your organization.
For organizations subject to HIPAA – any business that has the potential to access protected health information (PHI) – the technical controls you implement must adequately secure PHI per HIPAA compliance standards.