Form Security (PII, HIPAA, FERPA, PCI)

Why do we still learn about things that occurred thousands of years ago? So that we do not repeat the mistakes of history. In today's modern, digital world it is easy to make mistakes, and even easier to repeat them, which is why we must be careful.

The internet can be one of the best places, but it also holds the power to be the worst. This depends on how one uses the internet. Not everyone has good intentions, which is why security is crucial.

Forms collect data from users, and securing them protects not only your data but also your customers'. Social security numbers, financial information, and medical information are a few examples of information that must be protected.

There are 4 types of form security covered here:

  1. PII
  2. HIPAA
  3. FERPA
  4. PCI

PII (Personally Identifiable Information)

Personally Identifiable Information (PII) is any type of data that can be used to identify someone. This includes passport information, phone number, social security number, etc.

Just imagine a random stranger walking up to you while you're paying at a store and claiming that the credit card in your hand is his. If PII didn't exist, the stranger's statement would technically be true. Because of PII, the higher authorities know that the credit card ending in 1234, for example, is Dayla Johnson's. This way, no stranger can try to claim authority over your credit card.

Hence, it holds great significance because it can save customers from damaged credit cards and identity theft. It can save businesses from revenue loss, legal and compliance fines, or even ruin. PII protection preserves reputation as well.

HIPAA (Health Insurance Portability and Accountability Act)

Health Insurance Portability and Accountability Act (HIPAA) includes the national standards that protect sensitive patient health information. Sensitive information may not be disclosed without the patient’s knowledge or permission.

According to hhs.gov, the following are the key requirements of HIPAA compliance that apply to healthcare-related forms (the "they" below refers to the covered entities handling the data):

  1. Ensure the confidentiality and integrity of all e-PHI they create, receive, maintain, or transmit
  2. Identify and protect against reasonably anticipated threats to the security of confidential information
  3. Protect against reasonably anticipated, impermissible uses or disclosures
  4. Ensure compliance by their workforce

Family Educational Rights and Privacy Act (FERPA)

Family Educational Rights and Privacy Act (FERPA) is a federal law that grants parents the right to access their children's education records. Parents can seek to amend the records, and they have the right to some control over the disclosure of PII from those records.

Your parents being able to see your grades each semester and receiving your report cards are two examples of the rights FERPA grants.

PCI (Payment Card Industry)

The Payment Card Industry (PCI) is an organization that processes all kinds of payment cards (e.g., credit cards, debit cards, ATM cards). PCI has some data security standards (PCI DSS), which are linked to securing payment-related forms.

The standard includes the following requirements (not all of them are listed here):

  • Install and maintain a firewall configuration to protect cardholder data
  • Protect stored cardholder data
  • Develop and maintain secure systems and applications
  • Assign a unique ID to each person with computer access
  • Encrypt transmission of cardholder data across open, public networks

PCI DSS matters for payment-related forms because it requires cardholder data and sensitive authentication data to be protected whenever they are processed, stored, or transmitted.

Summary

PII is any data used to identify someone, and it can save customers from damaged credit cards and identity theft.

HIPAA is a federal law that secures patient health information. There are certain requirements that healthcare workers need to follow under this act.

FERPA gives parents the ability to have access to their children’s education records.

PCI DSS (Payment Card Industry Data Security Standard) protects cardholder data and sensitive authentication data whenever they are processed, stored, or transmitted.

Web designers and developers carry great responsibility when it comes to digital security. They must ensure firm security, and users will trust them when good security is provided.

Ensuring firm security and legal compliance is also very important because it reduces the risk of running into problems such as government investigations and monetary penalties. By protecting sensitive information, these potential problems can be avoided.