HITRUST and HIPAA are both relevant to healthcare data security but have different standards. HIPAA relates to federal laws that protect health information, while HITRUST is a control framework. HIPAA requires healthcare providers to adhere to three types of security safeguards, with penalties for non-adherence. HITRUST incorporates several compliance frameworks, with options for certification. Compliance with HITRUST doesn’t guarantee HIPAA compliance, as potential variations may necessitate additional actions.
The NCSC wants developers to get serious on software security
The NCSC’s new Software Security Code of Practice has been praised by cyber professionals as a significant advancement in enhancing software supply chain security.
