Privacy Archives | Linford & Company LLP

SOC Benefits: Beyond the Value of SOC Compliance for Audits

By Ben Burkett (CPA, CISA, CISSP, CRISC) on February 9, 2021February 9, 2021

Obtaining a SOC 2 report requires an investment of both time and money for a service organization and, at some point, might seem like more work than it’s worth. However, the advantages to obtaining a SOC 2 report far outweigh the initial investment.

HIPAA Gap Analysis: Critical & Recent Compliance Gaps You Need to Know

By Becky McCarty (CPA, CISA, CRISC, CIA, CFE) on March 4, 2020March 4, 2020

Healthcare providers, payers, exchanges, and many service providers to the healthcare industry are under increased pressure to demonstrate their compliance with the security and privacy requirements of HIPAA.

Confidentiality vs. Privacy in a SOC 2

By Nicole Hemmer (PARTNER | CISSP, CISA) on March 7, 2018February 12, 2019

In a SOC 2 examination, two of the five Trust Services Principles and Criteria are Privacy and Confidentiality. These two principles can be confusing and may seem to overlap.

The 10 Generally Accepted Privacy Principles

By Isaac Clarke (PARTNER | CPA, CISA, CISSP) on September 13, 2017September 13, 2017

The ten generally accepted privacy principles that are essential to the proper protection and management of personal information are:

HIPAA Record Retention Requirements: How Long Should We Retain ePHI Data?

By Rob Pierce, Partner | CISSP, CISA on August 2, 2017July 26, 2018

One of the areas we are required to evaluate on every HIPAA audit or compliance assessment is whether our client is compliant with HIPAA’s record retention requirements.

Which SOC Report is Right for your Organization?

By Nicole Hemmer (PARTNER | CISSP, CISA) on July 14, 2015May 10, 2017

Recently, we have noticed that clients of service organizations are asking for a “SOC” report in general, and not necessarily specifying which type of report they are looking for [i.e., SOC 1 (f. SSAE 16), SOC 2, or SOC 3].

SOC 3 Reports: When do they make sense?

By Rob Pierce, Partner | CISSP, CISA on June 2, 2015May 10, 2017

Some of our clients occasionally ask us when it is a good idea to get a SOC 3 report. The answer for most companies is that a SOC 3 is not necessary.

The Security of Health Insurance Exchanges – “MARS-E”

By L&Co Staff Auditors on April 7, 2015October 11, 2017

Under the Patient Protection and Affordable Care Act (the “ACA”), health insurance marketplaces have been set up to facilitate the purchase of health insurance in each state.

SOC 2 Common Criteria vs. Old TSPs

By Rob Pierce, Partner | CISSP, CISA on March 25, 2015March 24, 2015

On December 15, 2014, the new SOC 2 Common Criteria took effect. What does that mean for your SOC 2 audit?

Update in Riley vs. California Cell Phone Privacy Case

By Rob Pierce, Partner | CISSP, CISA on July 16, 2014July 16, 2014

In our last newsletter we outlined some of the ongoing privacy litigation that was underway and specifically cited the Riley vs. California case that was still being decided by the U.S. Supreme Court.