{"id":2260,"date":"2023-08-31T03:06:56","date_gmt":"2023-08-31T03:06:56","guid":{"rendered":"https:\/\/kleetos.com\/?p=2260"},"modified":"2025-07-07T07:16:52","modified_gmt":"2025-07-07T07:16:52","slug":"compliance-vs-security-you-may-be-secure-but-are-you-compliant","status":"publish","type":"post","link":"https:\/\/brightsquid.com\/us\/compliance-vs-security-you-may-be-secure-but-are-you-compliant\/","title":{"rendered":"Compliance vs. Security \u2013 You may be secure, but are you compliant?"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"2260\" class=\"elementor elementor-2260\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-658cdc08 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"658cdc08\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-62eebfc0\" data-id=\"62eebfc0\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ddbd2a9 elementor-widget elementor-widget-image\" data-id=\"ddbd2a9\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"812\" height=\"372\" src=\"https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2023\/08\/secure-clinic-messaging-compliance-vs-security-brightsquid-blog.jpg\" class=\"attachment-full size-full wp-image-2566\" alt=\"\" srcset=\"https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2023\/08\/secure-clinic-messaging-compliance-vs-security-brightsquid-blog.jpg 812w, 
https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2023\/08\/secure-clinic-messaging-compliance-vs-security-brightsquid-blog-300x137.jpg 300w, https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2023\/08\/secure-clinic-messaging-compliance-vs-security-brightsquid-blog-768x352.jpg 768w, https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2023\/08\/secure-clinic-messaging-compliance-vs-security-brightsquid-blog-650x298.jpg 650w\" sizes=\"(max-width: 812px) 100vw, 812px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-452423cc elementor-widget elementor-widget-text-editor\" data-id=\"452423cc\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p class=\"has-padding-top\">A misconception exists between compliance and security, and it causes problems for many clinics. Unfortunately, the definitions of these two essential components become easily confused, and while both are essential for protecting sensitive data, failing to understand the differences between the two can be a costly mistake that puts your clinic at risk. In this article, we define the two and uncover some of the most common mistakes organizations make when it comes to understanding compliance vs. security.<\/p><h3>Compliance and Security Are Not Interchangeable<\/h3><p>When you think about compliance and security, do you consider them to be one and the same? This is a major misconception that is shared by many. The truth is that secure does not mean compliant. Security is a component of compliance. Creating security through recommended IT measures isn\u2019t enough to comply with regulations and keep your patients\u2019 sensitive data safe.<\/p><h3>Compliance in Healthcare<\/h3><p>The healthcare industry is highly regulated. There are strict standards and laws that govern practice. 
Compliance is confirmation \u2014 a reporting function \u2014 of how your clinic is meeting and maintaining privacy standards, as defined by governing acts like the Health Information Act (HIA) in Alberta, the Personal Information Protection and Electronic Documentation Act in Canada (PIPEDA) or the Health Insurance Portability and Accountability Act (HIPAA) in the USA.\u00a0<strong>Complying\u00a0<\/strong>with privacy regulations is essential for every clinic. More than a bureaucratic exercise, compliance establishes best practices that protect your clinic from external threats that can be detrimental to operations. To be compliant, your practice must follow government regulations, which mandate that your clinic is able to demonstrate the following:<\/p><ul><li>Consent \u2013 Have patients acknowledged they are OK with you sharing their information?<\/li><li>Audit (Chain of custody) \u2013 Can you prove who accessed patient information and when?<\/li><li>Backup \u2013 Do you have a strong backup of all your patient information that can be used in the event of loss of primary data?<\/li><li>Archive \u2013 How is unused information used or destroyed?<\/li><li>Security \u2013 Are you taking reasonable measures that comply with regulations?<\/li><li>And more (e.g., in the case of HIPAA, there are over 140 aspects to compliance)<\/li><\/ul><p>As you can see, security does not equal compliance, but you can\u2019t be compliant without security.<\/p><h3>How Security Fits into the Larger Compliance Picture<\/h3><p>Security is about assessing threats and risks to your organization and taking reasonable measures to protect the patient data in your possession. An effective security program must fulfill compliance requirements, but we caution against the \u2018checkbox mentality,\u2019 as it may result in inadequate protection. As threats evolve, it\u2019s crucial that your cybersecurity measures keep pace. 
Performing ongoing risk assessments and diligent security practices throughout the year will help keep your organization safe from every angle.<\/p><h3>Ensure Compliance and Security<\/h3><p>Achieving compliance beyond security within your clinic will help manage risks, defend against threats such as ransomware and privacy breaches, safeguard sensitive data, and maintain patient safety and trust. To help keep your business on track, consider working with\u00a0<a href=\"https:\/\/\/privacy\/\">Brightsquid\u2019s professional privacy team<\/a>. Our privacy compliance experts will be happy to examine existing practices and determine the policies and procedures that will help you meet compliance standards while securing your clinic against external threats.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>A misconception exists between compliance and security, and it causes problems for many clinics. 
Unfortunately, the definitions of these two essential components [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":2566,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2260","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-brightsquid-blog"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.1 (Yoast SEO v24.1) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Security Vs Compliance - Know the Difference | Brightsquid Blog<\/title>\n<meta name=\"description\" content=\"Our clinic process experts explain how data security and privacy compliance are not the same and how our secure email services can support your clinic with both.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/brightsquid.com\/blog\/compliance-vs-security-you-may-be-secure-but-are-you-compliant\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Compliance vs. 
Security \u2013 You may be secure, but are you compliant?\" \/>\n<meta property=\"og:description\" content=\"Our clinic process experts explain how data security and privacy compliance are not the same and how our secure email services can support your clinic with both.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/brightsquid.com\/blog\/compliance-vs-security-you-may-be-secure-but-are-you-compliant\/\" \/>\n<meta property=\"og:site_name\" content=\"Brightsquid US | Simplify Clinic Operations, Prevent Privacy Breaches\" \/>\n<meta property=\"article:published_time\" content=\"2023-08-31T03:06:56+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-07T07:16:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2023\/08\/secure-clinic-messaging-compliance-vs-security-brightsquid-blog.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"812\" \/>\n\t<meta property=\"og:image:height\" content=\"372\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Rohit Joshi\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rohit Joshi\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/brightsquid.com\/us\/compliance-vs-security-you-may-be-secure-but-are-you-compliant\/\",\"url\":\"https:\/\/brightsquid.com\/blog\/compliance-vs-security-you-may-be-secure-but-are-you-compliant\/\",\"name\":\"Security Vs Compliance - Know the Difference | Brightsquid Blog\",\"isPartOf\":{\"@id\":\"https:\/\/brightsquid.com\/us\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/brightsquid.com\/blog\/compliance-vs-security-you-may-be-secure-but-are-you-compliant\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/brightsquid.com\/blog\/compliance-vs-security-you-may-be-secure-but-are-you-compliant\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2023\/08\/secure-clinic-messaging-compliance-vs-security-brightsquid-blog.jpg\",\"datePublished\":\"2023-08-31T03:06:56+00:00\",\"dateModified\":\"2025-07-07T07:16:52+00:00\",\"author\":{\"@id\":\"https:\/\/brightsquid.com\/us\/#\/schema\/person\/fb0a2dd16ae73bc836a3b2244c80fdf7\"},\"description\":\"Our clinic process experts explain how data security and privacy compliance are not the same and how our secure email services can support your clinic with 
both.\",\"breadcrumb\":{\"@id\":\"https:\/\/brightsquid.com\/blog\/compliance-vs-security-you-may-be-secure-but-are-you-compliant\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/brightsquid.com\/blog\/compliance-vs-security-you-may-be-secure-but-are-you-compliant\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/brightsquid.com\/blog\/compliance-vs-security-you-may-be-secure-but-are-you-compliant\/#primaryimage\",\"url\":\"https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2023\/08\/secure-clinic-messaging-compliance-vs-security-brightsquid-blog.jpg\",\"contentUrl\":\"https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2023\/08\/secure-clinic-messaging-compliance-vs-security-brightsquid-blog.jpg\",\"width\":812,\"height\":372},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/brightsquid.com\/blog\/compliance-vs-security-you-may-be-secure-but-are-you-compliant\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/brightsquid.com\/us\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Compliance vs. 
Security \u2013 You may be secure, but are you compliant?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/brightsquid.com\/us\/#website\",\"url\":\"https:\/\/brightsquid.com\/us\/\",\"name\":\"Brightsquid US | Simplify Clinic Operations, Prevent Privacy Breaches\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/brightsquid.com\/us\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/brightsquid.com\/us\/#\/schema\/person\/fb0a2dd16ae73bc836a3b2244c80fdf7\",\"name\":\"Rohit Joshi\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/brightsquid.com\/us\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/09a002d3de9f2d7d29a43d94b2e49c2e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/09a002d3de9f2d7d29a43d94b2e49c2e?s=96&d=mm&r=g\",\"caption\":\"Rohit Joshi\"},\"description\":\"Rohit Joshi, MSc, JD, Co-founder and CEO of Brightsquid Secure Communications Corp., is actively involved in emerging healthcare technology trends. He has a diverse academic and professional background, spanning life sciences, law, fintech, and health technology, providing strategic guidance, compliance expertise, and operational know-how for public and private organizations across North America. As a motivating leader and speaker, Rohit stands as a champion for innovation and thoughtful solutions to the problems faced by modern healthcare systems.\",\"url\":\"https:\/\/brightsquid.com\/us\/author\/rohit\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"Security Vs Compliance - Know the Difference | Brightsquid Blog","description":"Our clinic process experts explain how data security and privacy compliance are not the same and how our secure email services can support your clinic with both.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/brightsquid.com\/blog\/compliance-vs-security-you-may-be-secure-but-are-you-compliant\/","og_locale":"en_US","og_type":"article","og_title":"Compliance vs. Security \u2013 You may be secure, but are you compliant?","og_description":"Our clinic process experts explain how data security and privacy compliance are not the same and how our secure email services can support your clinic with both.","og_url":"https:\/\/brightsquid.com\/blog\/compliance-vs-security-you-may-be-secure-but-are-you-compliant\/","og_site_name":"Brightsquid US | Simplify Clinic Operations, Prevent Privacy Breaches","article_published_time":"2023-08-31T03:06:56+00:00","article_modified_time":"2025-07-07T07:16:52+00:00","og_image":[{"width":812,"height":372,"url":"https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2023\/08\/secure-clinic-messaging-compliance-vs-security-brightsquid-blog.jpg","type":"image\/jpeg"}],"author":"Rohit Joshi","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Rohit Joshi","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/brightsquid.com\/us\/compliance-vs-security-you-may-be-secure-but-are-you-compliant\/","url":"https:\/\/brightsquid.com\/blog\/compliance-vs-security-you-may-be-secure-but-are-you-compliant\/","name":"Security Vs Compliance - Know the Difference | Brightsquid Blog","isPartOf":{"@id":"https:\/\/brightsquid.com\/us\/#website"},"primaryImageOfPage":{"@id":"https:\/\/brightsquid.com\/blog\/compliance-vs-security-you-may-be-secure-but-are-you-compliant\/#primaryimage"},"image":{"@id":"https:\/\/brightsquid.com\/blog\/compliance-vs-security-you-may-be-secure-but-are-you-compliant\/#primaryimage"},"thumbnailUrl":"https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2023\/08\/secure-clinic-messaging-compliance-vs-security-brightsquid-blog.jpg","datePublished":"2023-08-31T03:06:56+00:00","dateModified":"2025-07-07T07:16:52+00:00","author":{"@id":"https:\/\/brightsquid.com\/us\/#\/schema\/person\/fb0a2dd16ae73bc836a3b2244c80fdf7"},"description":"Our clinic process experts explain how data security and privacy compliance are not the same and how our secure email services can support your clinic with 
both.","breadcrumb":{"@id":"https:\/\/brightsquid.com\/blog\/compliance-vs-security-you-may-be-secure-but-are-you-compliant\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/brightsquid.com\/blog\/compliance-vs-security-you-may-be-secure-but-are-you-compliant\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/brightsquid.com\/blog\/compliance-vs-security-you-may-be-secure-but-are-you-compliant\/#primaryimage","url":"https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2023\/08\/secure-clinic-messaging-compliance-vs-security-brightsquid-blog.jpg","contentUrl":"https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2023\/08\/secure-clinic-messaging-compliance-vs-security-brightsquid-blog.jpg","width":812,"height":372},{"@type":"BreadcrumbList","@id":"https:\/\/brightsquid.com\/blog\/compliance-vs-security-you-may-be-secure-but-are-you-compliant\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/brightsquid.com\/us\/"},{"@type":"ListItem","position":2,"name":"Compliance vs. 
Security \u2013 You may be secure, but are you compliant?"}]},{"@type":"WebSite","@id":"https:\/\/brightsquid.com\/us\/#website","url":"https:\/\/brightsquid.com\/us\/","name":"Brightsquid US | Simplify Clinic Operations, Prevent Privacy Breaches","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/brightsquid.com\/us\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/brightsquid.com\/us\/#\/schema\/person\/fb0a2dd16ae73bc836a3b2244c80fdf7","name":"Rohit Joshi","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/brightsquid.com\/us\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/09a002d3de9f2d7d29a43d94b2e49c2e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/09a002d3de9f2d7d29a43d94b2e49c2e?s=96&d=mm&r=g","caption":"Rohit Joshi"},"description":"Rohit Joshi, MSc, JD, Co-founder and CEO of Brightsquid Secure Communications Corp., is actively involved in emerging healthcare technology trends. He has a diverse academic and professional background, spanning life sciences, law, fintech, and health technology, providing strategic guidance, compliance expertise, and operational know-how for public and private organizations across North America. 
As a motivating leader and speaker, Rohit stands as a champion for innovation and thoughtful solutions to the problems faced by modern healthcare systems.","url":"https:\/\/brightsquid.com\/us\/author\/rohit\/"}]}},"_links":{"self":[{"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/posts\/2260"}],"collection":[{"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/comments?post=2260"}],"version-history":[{"count":8,"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/posts\/2260\/revisions"}],"predecessor-version":[{"id":2570,"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/posts\/2260\/revisions\/2570"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/media\/2566"}],"wp:attachment":[{"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/media?parent=2260"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/categories?post=2260"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/tags?post=2260"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}