Software companies charge their developers with producing quality applications that meet customer requirements. Whether they realize it or not, when they write that code or integrate a self-service BI and analytics platform, they must make sure the application controls access to the data so that it meets strict privacy, compliance and security laws and regulations.
Introducing a third-party vendor’s code via integration with their application creates another potential risk. That’s why we suggest choosing a platform that adopts your application’s existing security model down to the row level. Inheriting user roles and appropriate access rights makes maintaining compliance with HIPAA and other privacy and legal requirements much simpler.
Rather than introducing a standalone application and creating additional exploitable access points, Izenda’s embedded BI platform integrates into an application to keep its security intact.
Software developers need to take into account many privacy laws and regulations, including the following:
Health Insurance Portability and Accountability Act (HIPAA)
When treating a medical patient, having quick access to records can mean the difference between life and death. However, to ensure that those records never fall into the wrong hands, the U.S. Congress passed HIPAA in 1996. It requires protection and privacy of an individual’s health data.
HIPAA clearly defines that the owner of a database containing personal health records does not own the data being stored. Additionally, it makes database owners responsible for keeping those records secure at all times.
Some of the specific HIPAA provisions for data security include:
- Data Confidentiality: Only the owner of the data (the patient), that person’s health care providers, and other persons authorized by the patient can access the data.
- Data Availability: Patients must be able to access their own records quickly and efficiently.
- Traceability: Data must be properly logged and capable of being audited.
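As an added illustration (not Izenda’s code), here is a minimal Python data-access layer that derives its row-level filter from the host application’s own user roles and records every read for audit, covering the confidentiality and traceability provisions listed above. The roles, the patient record table and all identifiers are constructed for the example.

```python
# Added example, not Izenda's code: row-level access inherited from the
# host application's roles, plus an audit trail for every read.
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed sample table: each record names its patient (the data owner)
# and the treating provider.
RECORDS = [
    {"id": 1, "patient_id": "p-100", "provider_id": "dr-7", "note": "constructed"},
    {"id": 2, "patient_id": "p-200", "provider_id": "dr-7", "note": "constructed"},
    {"id": 3, "patient_id": "p-300", "provider_id": "dr-9", "note": "constructed"},
]

AUDIT_LOG = []  # every query, including ones that return nothing, is recorded


@dataclass
class AppUser:
    """The host application's own user context (hypothetical roles)."""
    user_id: str
    role: str  # "patient" or "provider"; anything else is denied by default
    # patients who explicitly authorized this user to see their records
    authorized_by_patients: set = field(default_factory=set)


def row_visible(user, row):
    """Row-level predicate: the HIPAA confidentiality rule as a filter."""
    if user.role == "patient":
        return row["patient_id"] == user.user_id
    if user.role == "provider":
        return (row["provider_id"] == user.user_id
                or row["patient_id"] in user.authorized_by_patients)
    return False  # unknown roles never see patient data


def query_records(user, record_id=None):
    """Return only rows the caller may see, then log the access for audit."""
    rows = [r for r in RECORDS
            if row_visible(user, r) and (record_id is None or r["id"] == record_id)]
    AUDIT_LOG.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": user.user_id,
        "role": user.role,
        "requested": record_id,
        "returned": [r["id"] for r in rows],
    })
    return rows
```

Because the filter is applied inside the data layer rather than in the reporting UI, a request for a record the caller is not entitled to simply returns nothing, and the attempt is still visible in the audit log.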
For more information on HIPAA compliance, review these informative articles, which are available to the general public.
Signed into law in 2002, Sarbanes-Oxley (SOX) is designed to prevent financial scandals like the infamous Enron case of 2001.
Most discussions center on Section 302 of the law because of its emphasis on the responsibilities of CFOs and CEOs. But the section that developers should learn about is Section 404.
Section 404 is centered on ensuring the integrity of financial information. As with HIPAA regulations, this section outlines very specific rules, including:
- Unauthorized users cannot alter data
- Data must be protected and can only be viewed by authorized users
- Data must be available to be changed when necessary
- Data must be logged and able to be audited
Learn more about SOX Section 404 compliance by reading these comprehensive articles.
Other Privacy Compliance Regulations
Software developers need to make themselves familiar with additional regulations, such as:
- PCI: Details the usage and storage of credit card data
- Basel II: Regulates the storage and usage of personal financial data by financial institutions
- SB 1386: Specific to the state of California, this regulation details the storage of personal information
- GLBA: More regulation on personal financial data and financial institutions’ responsibilities
For more information on these regulations, Microsoft hosts an informative article about developer compliance.
Trust Izenda’s Embedded BI for your Application
Don’t introduce more regulatory headaches by adding standalone applications, or applications that set up a separate security architecture, to your product. Izenda’s platform integrates seamlessly with your application, providing the security you need to comply with the regulations in your area of business.