HIPAA is a super vague standard on the tech side. PCI is much more specific and frankly better, even though it's meant for a different purpose and both were written by different types of entities. It may have changed since I worked with it, but one example I remember is that HIPAA standards say to use a firewall. PCI standards say to use a firewall, document the rules, review them quarterly with a formal process and separation of duties, and conduct external third-party scans to look for vulnerabilities. I'm glad HIPAA is getting an update, but it could really use an overhaul.