About Compliance

A continuously changing compliance landscape.

What is compliance?

Compliance is like a set of rules and guidelines that everyone, including businesses, should follow. They are made up of laws, regulations, frameworks, standards, and industry best practises. Compliance is often used to govern the use of personal information, protected health information, and the protection of systems and data through the use of controls.


Compliance is a continuous process

Much like brushing your teeth and flossing, continual compliance is important for good business hygiene. Compliance requires consistent effort and vigilance to be successful.

Why should you care?

These rules and guidelines are used to:

  1. Ensure consistent adherence to laws, regulations, and policies;
  2. Ensure employees have a clear understanding of their obligations;
  3. Reduce the risk of financial and reputational damage due to non-compliance;
  4. Build trust with regulators, customers, and other stakeholders; and to
  5. Support the development of effective and efficient compliance control systems.

Data breach prevention

Healthcare suffered 327+ breaches in the first half of 2023 alone, with over 40 million patients having their records compromised.

One hundred sixty healthcare breaches were reported at the same point in 2022, an increase of over 104 percent, according to Fortified Health Security's "2023 Mid-Year Horizon Report: The State of Cybersecurity in Healthcare" published in July.

How do you demonstrate compliance?

To demonstrate compliance, you can provide evidence of a successful self-assessment, third-party assessment, or third-party certification. This evidence can include reports, audit results, certificates, and any evidence that supports the verification of your organization's controls. The type of compliance assessment depends on your organization's compliance goals.

What is a control?

A control is a measure that is taken to ensure an organization or individual is compliant. It can be a policy, procedure, system, or other measure that is monitored and enforced on an ongoing basis.

In privacy and security compliance, controls can be technical (TLS, 2FA, backups, data encryption, etc.), administrative (training programs, hiring processes, business contracts, etc.), or physical (facility access key cards, security cameras, etc.). Many compliance frameworks can be considered a prescribed set of controls.

Both MedStack Control and Exos come with built-in controls so that you can jumpstart your compliance!