For enterprises that handle consumer healthcare information, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) has become one of the most important regulations around data security. A lack of understanding of or commitment to HIPAA requirements has proven to be costly for a variety of organizations. For example, CardioNet, a provider of remote mobile care for patients at risk for cardiac arrhythmias, was recently ordered to pay $2.5 million in noncompliance fees for not fully implementing safeguards for electronic protected health information (ePHI).

Read more