Trusting 3rd-party vendors with company and customer information always feels risky. However, if you know what to ask, and how to determine what makes data confidential, you can feel secure when choosing partners.
Here is a checklist we’ve developed about keeping data safe. Make sure to ask any potential partner about their data security so you can accurately and confidently assess data protection.
HIPAA (the Health Insurance Portability and Accountability Act) regulates the way companies deal with health information. This ensures that Protected Health Information (PHI) remains safe and requires levels of security for physical information, network usage, and even process protection.
While this doesn’t necessarily matter for all local businesses, if you have customer health information, make sure to ask if your vendors are HIPAA certified. For everyone else, just knowing that a company takes customer data seriously enough to be HIPAA certified demonstrates a commitment to security that can put your mind at ease.
Along with HIPAA, the HITECH Act requires additional protection for health information. Ask your 3rd-party partners if they follow guidelines for both.
PCI DSS (Payment Card Industry Data Security Standard) is a set of requirements designed to keep credit card information, processing, storage, and transmission safe. If a company has access to your credit card, or is processing your customers’ credit cards, check to make sure it is PCI compliant.
This is a great article outlining SSL encryption. Bottom line? SSL (Secure Sockets Layer) encrypts sensitive information you enter as it travels between your browser and the server. Updating a credit card in an online portal? SSL encryption will keep it safe. When sharing data online with a 3rd-party vendor, make sure they have SSL encryption.
While the checklist is small, even this much compliance and protection from a company demonstrates a level of data security you can trust. Make sure to ask questions when talking about customer data with an outside company. Don’t be shy about asking if they follow strict guidelines, and make sure you feel satisfied with their answers. Conduct outside research. Armed with knowledge and a checklist, you will no longer wonder, “Is my data secure?”