January 12, 2021 The Office for Civil Rights (OCR) wasted no time starting on their new year’s resolutions, announcing their 14th settlement as part of the HIPAA Right of Access Initiative just 2 weeks into 2021. Patient right of access fines are starting to become a monthly occurrence, and it’s no surprise that the OCR would start off the new year with the same enforcement efforts they ended 2020 with. Banner Health, an Arizona-based non-profit health system operating 30 hospitals, primary care, urgent care, and specialty care facilities across the country, became the OCR’s first victim of the year with the largest right of access fine to date – $200,000. This hefty payout comes as a result of two separate complaints filed against Banner Health, both highlighting the health system’s noncompliance with the HIPAA right of access standard. If today’s settlement isn’t enough reason to avoid dragging your feet on records requests and getting HIPAA compliant ASAP, maybe the latest statement from OCR Director Roger Severino will seal the deal: “This first resolution of the year signals that our Right of Access Initiative is still going strong and that providers of all sizes need to respect the right of patients to have timely access to their medical records.” The OCR has clearly hit the ground running with HIPAA enforcement in the new year and it’s more important than ever to get your practice compliant. OCR Director Roger Severino has been beating the same right of access drum for over a year, and it’s no surprise given that audit results released just this past December show that most covered entities (a whopping 89%) don’t meet patient access requirements. Concerned your practice falls in that boat? Schedule a consultation today with one of our HIPAA experts to see where you currently stand and what you need to do to avoid falling into the government’s crosshairs in 2021.
2020 HIPAA In Review
January 7, 2021 Sound the air horns, blare your favorite pump-up jam, let loose your last few New Year’s streamers – we made it through 2020! Some of us picked up a new hobby, some just made ‘staying sane’ a hobby (raising our hands over here), but the fact is we made it through the year and have come out ready to weather what 2021 will throw our way. We know, we know – we want to close the book on last year, put it away in a very heavily locked box, and tuck that box in a corner of the attic we’ll quickly forget exists too (just us?). So why on earth do we want to recap 2020 instead? Well, record-breaking HIPAA enforcement, emerging cyber threats, new audit data, and ongoing trends in HIPAA are probably worth remembering – especially if keeping up to speed means protecting your practice in 2021. So here’s a recap of what happened with HIPAA this past year, and what we can expect to continue moving forward: 1. HIPAA Waivers and Enforcement Discretions You probably remember February/March as an era of toilet paper hoarding and “sorry I was on mute” as we collectively figured out Zoom meetings. But it was right around this time the Department of Health and Human Services (HHS) officially declared a National Public Health Emergency (PHE) and implemented HIPAA waivers with limited enforcement discretions. These waivers provided additional leniencies for providers and their business associates to use and share patients’ protected health information (PHI) for very specific purposes related to the PHE, and allowed for greater flexibility with telehealth services. After several extensions of the declared PHE, these limited waivers are still in effect until January 20, 2021 – but that doesn’t mean your practice is off the hook. Ensuring that you are up to normal HIPAA standards, such as implementing compliant telehealth solutions before the PHE expires, is the best, and perhaps the ONLY way to protect your practice from a hefty fine.
2. Rising Cyberattacks In the midst of all the COVID-19 hysteria, the healthcare industry faced yet another plague – cyberattacks. Cyberthreats have reached all-time highs over the past year, with hackers leveraging public vulnerability and remote operations to their advantage. Healthcare data is ten times more valuable on the black market than credit card information and makes your practice a prime target for hackers. Many of 2020’s fines were the result of data breaches, most of which revealed a “systemic lack of [HIPAA] compliance” (as the OCR put it), and one of which resulted in the second-largest HIPAA fine to date of $6.85 million. While a cyberattack may be impossible to fully prevent, having a complete HIPAA program and reasonable safeguards in place is still expected. In short, if your practice doesn’t have basic HIPAA requirements like a Security Risk Analysis (SRA), the OCR will show no mercy in using a breach incident to slap your practice with a HIPAA fine. In addition, many business associates were hit heavily with cyberattacks, ransomware, and breaches in 2020. Having proper Business Associate Agreements, a HIPAA requirement, is essential to protect your practice from liability if a cyberthreat were to impact one of your vendors. A missing agreement could leave your practice with a fine – even if the breach was completely beyond your control. Review or complete business associate agreements with any vendor who may fall in this category as soon as possible to protect yourself, and make sure your HIPAA program basics (including training, your SRA, and proper documentation) are all up to speed. 3. Patient Right of Access Featuring heavily in 2020’s enforcement efforts was the patient right of access initiative. This hot topic accounted for over 50% of 2020’s total settlements, ranging from $3,500 (the smallest HIPAA fine to date) to $160,000. 
Each practice affected failed to provide patients or their authorized personal representatives with access to requested medical records within the HIPAA-mandated time frame. In fact, two instances were only resolved after the individuals involved complained a second time to the OCR, and one covered entity didn’t provide the requested records until almost three years after the initial request was submitted. To put that in perspective, most state and federal regulations require records to be provided within 30 days of the patient request. This enforcement trend will only continue, especially as the Department of Health and Human Services looks to update HIPAA Privacy Rule provisions and enhance patient access to their health data in 2021. 4. 2021 and Beyond With increased enforcement, the likelihood of a HIPAA investigation has become a matter of ‘when’ instead of ‘if’. If your practice is a smaller one, the OCR has emphasized that you’re not immune – in fact, OCR Director Roger Severino recently urged the importance of compliance for “offices, large and small” as part of the OCR’s patient right of access initiatives. 2021 brings the opportunity to do more than just ‘make it’ through the year – the most important thing you can do for your practice is to get a complete HIPAA program in place now, before an incident occurs, to prove your compliance and avoid any costly HIPAA fines. Worried you might be missing something? Don’t stress! Register for a consultation with one of our HIPAA experts to learn what your practice must have in place when it comes to HIPAA compliance.
HIPAA Compliance Insights: Summit Takeaways and OCR Guidance
April 3, 2024 Happy Wednesday! Let’s crush the rest of the week! While we are battling our Hump Day blues, let’s turn this Wednesday into a learning opportunity. A HIPAA Summit was held, introducing new updates to HIPAA legislation. Want the quick 411? You’ve come to the right place! Part 2 Final Rule We go into more detail about this in our article here, but new legislation regarding the confidentiality of Substance Use Disorder patient records has been released. You need to know that: The full rule can be found here. Cybersecurity Resource Revision The National Institute of Standards and Technology, or NIST, released some new resources for cybersecurity measures. These resources include explanations of the HIPAA Security Risk Analysis and actionable steps to implement these measures. To read more about these resources, click here. HIPAA Online Tracking Technologies Online tracking technologies have been at the forefront of recent compliance cases like the $300,000 fine given to the NewYork-Presbyterian Hospital due to website tracking. The OCR is on it, issuing guidance on how to properly use tracking technologies. What you need to know is that when using tracking technologies: Enforcement Highlights Unfortunately, we’ve seen a major spike in patients impacted by HIPAA. In 2023, over 134 MILLION were exposed to a large HIPAA breach. What You Can Do First, sorry for the information overload, but it’s vital to know for your practice. By following these guidelines, you’ll provide an even more positive and secure experience for your patients. An easy way to stay compliant is with Abyde. The Abyde software offers a plethora of compliance resources, making compliance simple. We offer the latest information and entertaining training for your practice, always keeping you on your A-game. Want to avoid common HIPAA mistakes? Use Abyde! We turned the Security Risk Analysis into an intuitive questionnaire that can be completed in minutes. 
We also offer dynamically generated documentation, including Business Associate Agreements that can be completed in seconds! Want to see where your compliance currently stands? Email us at info@abyde.com and schedule a consultation here!
Abyde and Kaizen Tech Group Announce Partnership to Help Independent Dental Practices Comply With HIPAA Requirements
May 17, 2023 The partnership between Abyde & Kaizen combines their respective expertise in healthcare compliance & tech solutions to offer an unparalleled suite of services! “We are excited to have partnered with Abyde to bridge that gap in understanding and provide compliance to our practices in a continuously evolving technology landscape.”— Kaizen Technology Group’s CEO Jason McAninch CLEARWATER, FLORIDA, UNITED STATES, May 17, 2023/EINPresswire.com/ — Abyde, a leading provider of simplified HIPAA & OSHA compliance software, and Kaizen Technology Group, a premier provider of comprehensive IT solutions, are pleased to announce a strategic partnership aimed at delivering efficient and secure compliance solutions to the dental industry. Abyde and Kaizen Technology Group’s partnership combines their expertise in healthcare compliance and technology solutions to offer an unparalleled suite of services designed to streamline and simplify HIPAA compliance for providers. With an increasing focus on data security and privacy, this partnership seeks to address the growing compliance challenges faced by dental practices in an ever-evolving regulatory landscape. Abyde CEO Matt DiBlasi added, “As someone who started the early part of my career in the MSP/IT world, helping independent practices with their technology and security, I see the need to have strong partnerships with organizations like Kaizen Technology Group. As Abyde continues to grow within the dental space and across the country, we will strategically align ourselves with companies that can help Abyde customers get their technical safeguards in compliance.” Kaizen Technology Group’s CEO Jason McAninch said, “Compliance is a daunting, ever-changing task. Due to many complexities, a lot of private practices are left with more questions than answers on where they stand with their compliance. 
We are excited to have partnered with Abyde to bridge that gap in understanding and provide compliance to our practices in a continuously evolving technology landscape.” Through this partnership, Abyde and Kaizen Technology Group aim to empower dental providers with the tools and knowledge necessary to navigate the complex regulatory landscape and maintain the highest data privacy and security standards. By simplifying compliance processes and implementing robust IT infrastructure, this collaboration will help practices focus on delivering quality care to their patients. About Abyde: Abyde (Tampa, FL) is a technology company dedicated to revolutionizing HIPAA and OSHA compliance for medical professionals. Launched in January 2017, Abyde was formed with the idea that an easier, more cost-effective way for healthcare providers to comply with government-mandated regulations could exist. For more information on Abyde, visit www.abyde.com. About Kaizen: Kaizen is a technology company based in Overland Park, Kansas that provides medical and dental practices with technology solutions, support, and maintenance. Kaizen specializes in private practice IT management and provides all-inclusive IT services and support for practices across the country. For more information on Kaizen, visit www.kaizen.dental.
North Texas Dental Practice, Fined $15K for OSHA Whistleblower Violations
March 3, 2023 Blow the whistle… No, not like the 2006 Too Short song but OSHA’s Whistleblower Protection Program. Whistleblower protection laws are in place to prevent retaliation against employees who report safety violations, discrimination, or other illegal activities in the workplace. Under the Occupational Safety and Health Administration (OSHA) Whistleblower Protection Program, employees who report such violations are protected from retaliation by their employers. This protection includes not only termination but also other forms of retaliation such as demotion, reduction in pay, or denial of overtime or promotions. Why would a practice retaliate for a complaint received instead of mitigating the risk and working toward a culture of compliance? That is a $15,706 question and unfortunately, Roger and David Bohannan of Roger H. Bohannan DDS Inc. have to answer. While on furlough in early 2020, a dental hygienist and dental assistant at the practice asked what coronavirus safety measures would be in place once patients and employees returned. When the practice did reopen, those two employees were not reinstated simply because they expressed their concerns and cited guidance from the Centers for Disease Control (CDC) and OSHA. Further investigation found that Bohannan Dentistry discriminated against employees for exercising their rights under section 11(c) of the OSH Act, which prohibits retaliation by employers against workers who “blow the whistle” by exposing health and safety hazards. In a statement, Eric S. Harbin, an OSHA Regional Administrator in Dallas, said, “Like all workers, these two people had every right to speak up without the fear of losing their jobs. We want workers to know that OSHA is here to protect their rights, and we won’t hesitate to exercise our authority when they are violated.” OSHA administers more than 20 whistleblower statutes, with varying time limits for filing. 
The time frame for filing a complaint begins when the adverse action occurs and is communicated to the employee. There are varying reporting deadlines from 30-180 days specific to each statute. It is important for employees to know that they have rights under the law to report safety violations and other illegal activities without fear of retaliation. Employers have a responsibility to provide a safe and healthy workplace, and OSHA’s Whistleblower Protection Program helps to ensure that employees can speak up when they see something that is not right.
Compliance FAQs: Get Answers to Your Top HIPAA & OSHA Questions
March 11, 2024 Let’s be honest: compliance can be complicated. With all the regulations, sometimes it feels like you’re making mistakes you don’t even know about. But with Abyde, it doesn’t have to be. We have an A-list Customer Success team, ready to answer your questions. This week, we’re rolling out the red carpet for these compliance experts. We’re interviewing our CS celebs on the HIPAA and OSHA questions they receive the most. Read below to get the inside scoop on what you need to know for your practice. A child on a parent’s insurance just turned 18, while I know they have to sign consent forms, do the parents need consent to see or request their records? Sorry, new grown-ups! Parents do not need consent to see their child’s records; they can do so for the purposes of insurance, or payment. It has to be the minimum information shared. Oh no! An employee was poked with a contaminated needle and needs to be tested. Who is responsible for paying for the tests? The employer! It is the employer’s responsibility to take care of their employee in this situation. Whether it be through their insurance or Workers’ Compensation, or paying it directly, it is the employer’s responsibility. Why do I need a Business Associate Agreement, aren’t they already HIPAA compliant? First, Business Associate Agreements are a requirement of HIPAA, and outline the rights and responsibilities of a Business Associate (BA) and a Covered Entity’s (CE) partnership. The BA agreement keeps both parties on the same page and protects your practice if there is a breach on their end, having this documented expectation of a BA’s responsibilities. Why do I need to ask my employees if they’ve received their Hepatitis B vaccination? Well, if the employee has the potential to be exposed to Bloodborne Pathogens (BBP) or Other Potentially Infectious Materials (OPIM), the employer has to give them the option to be vaccinated. Depending on the state, your employees must be vaccinated against Hepatitis B. 
Do the doctors have to do HIPAA/OSHA Training? They own the practice. Yes, even if doctors own their practice, they still need to ensure compliance with HIPAA. All employees must complete training, even the owner of the practice. HIPAA regulations are designed to protect patients’ sensitive health information, regardless of whether the provider is part of a large institution or an independent practice. Therefore, doctors who own their practice must undergo HIPAA training to understand their responsibilities and ensure that their practice adheres to HIPAA regulations. Do I need to report my breach to the OCR? Just like a fender bender doesn’t require the same reporting as a 10-car pile-up, not all breaches need to be reported. For instance, breaches that affect 500 or more patients must be reported to the OCR. However, you will want to log ALL incidents in your Abyde Breach Log, even if OCR reporting isn’t necessary. As you can see, our compliance experts are here to clear up any compliance confusion for you. At Abyde, we want to simplify compliance for your practice or business, and our awesome CS team is a testament to that. To learn more about how Abyde is the solution for all of your compliance worries, email us at info@abyde.com and schedule a compliance consultation here for Covered Entities, and here for Business Associates.
Compliance and Security: A Match Made in HIPAA Heaven
December 29, 2020 Peanut butter and jelly, macaroni and cheese, rock and roll – there’s really no mistaking that some things are just better in pairs. While these might be the obvious examples to tag along with the old 80’s hit “It Takes Two to Make a Thing Go Right” there’s another dynamic duo that plays an important role in your practice’s daily operations: Compliance and Security. Compliance and security go hand-in-hand, making the perfect team when it comes to protecting patient data. But falling into the trap of thinking that achieving one means meeting the other can mean double trouble for your practice – so it’s important to understand the differences between the two and how to ensure you’re checking both off your list. What is compliance? Compliance is kind of like the bread and butter of your practice. It essentially focuses on the regulatory requirements involved in the protection of sensitive patient data – meaning that you not only have a secure technical environment but also have the know-how and documentation to prove it. Compliance is a comprehensive set of standards that practices must meet to avoid fines but should be viewed as more of a baseline when it comes to security, not the end-all, be-all. Complying with HIPAA means meeting various requirements outlined in the HIPAA Security and Privacy Rule – but there’s more to the story when it comes to ensuring that patient data is fully protected. What is security? Security is the whole system of policies, processes, and technical controls specific to your practice. The goal of security is to ensure the best possible protection of the confidentiality, integrity, and availability of patient data – which in the age of technology means constantly updating to mitigate the risk of ever-changing threats. When we think of security we often think of locks on practice doors and passwords on computers but those safeguards only brush the surface of true security. 
Having the proper technical safeguards in place, staying up to date on any new threats (such as the recent threat to Microsoft Exchange vulnerabilities), knowing how to properly mitigate a potential threat, and staying educated are just some ways to meet your practice’s security needs. So, what’s the difference? While both are crucial in protecting patient data, security and compliance are not one and the same. The key distinction between the two is that compliance requirements are a bit more predictable whereas security standards are rapidly evolving with current risks and threats. This, unfortunately, means that checking off each of the compliance requirement boxes doesn’t exactly mean that your practice is 100% secure – which is why you are still at risk for a cyberattack even if you have a complete HIPAA compliance program in place. Why you need both! Just like Batman and Robin, when you put the two forces together – they’re pretty unstoppable. And with cyberattackers playing the role of the modern-day villain, establishing strong compliance AND security programs is the best, and perhaps the only way to ensure you’re taking every measure to protect patient data.
OCR Announces 13th Right of Access Fine, Drives Home Importance of Record Requests
December 22, 2020 The Office for Civil Rights (OCR) has been in the giving spirit the past few months, and they couldn’t close out 2020 without handing out at least one last holiday gift. We know there are only 12 days of Christmas as the song goes – and we don’t think the OCR will be handing out lords-a-leaping or pipers piping anytime soon – but there IS one more gift not mentioned in the classic song (at least the OCR 2020 edition): 13 patient right of access fines. The latest settlement adds to quite a historic year for HIPAA enforcement – and proves just how unprepared many practices have been when it comes to HIPAA compliance. This week’s extra gift went to Peter Wrobel, M.D., whose practice Elite Primary Care out of Georgia found itself doing a little extra holiday spending this year after settling with the OCR for $36,000. The settlement resolved a patient right of access complaint from April 2019, which took over a year to fully wrap (present-related pun intended). Here are the highlights from this latest fine: Important notes for any covered entity? Make sure to provide records in a timely manner, AND in the way the patient requests them. Additionally, requests can be submitted in any form (verbal, written or otherwise) but documented, written requests are always key to best protecting your practice and meeting timeframe requirements. Take a minute to brush up on how to handle access requests if your practice needs a refresher. Taking over a year to get records access is already a bad call, but proposed changes to the HIPAA Privacy Rule will make the typical 30-day timeframe to provide records even shorter. When it comes to patients getting access to their own PHI, the OCR is serious about keeping covered entities of all sizes in line. 
While this may not have been the gift Elite Primary Care was wishing for this year, it did come with some wise words of advice from OCR Director Roger Severino: “OCR created the Right of Access Initiative to address the many instances where patients have not been given timely access to their medical records. Health care providers, large and small, must ensure that individuals get timely access to their health records, and for a reasonable cost-based fee.” We hope your practice gets a better gift this year than a hefty fine – but if you aren’t certain where you stand, get the gift of confidence in your HIPAA program by scheduling an educational webinar today!
Latest HIPAA Audit Industry Report
December 18, 2020 End of year report cards are in (or at least they are for covered entities) and the HIPAA compliance grades the Office for Civil Rights (OCR) & Department of Health and Human Services (HHS) just handed out are not ones to write home about. Just yesterday, the HHS released their latest HIPAA Audits Industry Report grading providers and business associates on their level of compliance with HIPAA regulations. The report evaluated audit results from 166 covered entities and 41 business associates, focusing specifically on compliance with the Notice of Privacy Practices, patient records access, breach notification timeliness and content, the Security Risk Analysis, and appropriate risk management programs. While the full report is pretty lengthy, we’ve compiled some of the top takeaways from these latest results: So what does this data tell us? In some ways, nothing new – all of the areas audited have factored heavily into recent OCR enforcement activity, and highlight the same trends we’ve seen all year. If not part of recent enforcement, these areas factor into the recent proposal to modify the HIPAA Privacy Rule, including proposed adjustments to the Notice of Privacy Practices. “The audit results confirm the wisdom of OCR’s increased enforcement focus on hacking and OCR’s Right of Access initiative,” said OCR Director Roger Severino in addition to the latest report, “we will continue our HIPAA enforcement initiatives until health care entities get serious about identifying security risks to health information in their custody and fulfilling their duty to provide patients with timely and reasonable, cost-based access to their medical records.” What NEW information can we take away from these results? Organizations are STILL. NOT. COMPLIANT. Many of the covered entities or business associates audited produced what they thought was sufficient evidence, but did not meet actual HIPAA requirements. 
Some weren’t even close – when asked to produce an SRA, entities provided irrelevant documents like a patient’s insurance prescription coverage and rights; a document discussing pharmacy fraud, waste and abuse; and a conflict of interest and code of conduct employee sign-off page – none of which are even semi-related to an actual SRA. If your practice wants to get a slightly better HIPAA grade than the ones in this recent audit, ensuring you have the PROPER documentation in place, and meet ALL HIPAA requirements is key. If HIPAA isn’t your best subject, a software solution like Abyde is the tutor you’ve been needing to help walk you through the process to get an A+ (plus avoid hefty HIPAA fines, stress over your HIPAA program, and general unhappiness).
HHS Proposes Changes to HIPAA Privacy Rule
December 11, 2020 When you thought of HIPAA, was the image that came to mind an old, never-changing and outdated law? If it was, the Department of Health & Human Services (HHS) just issued a wake-up call with a new Notice of Proposed Rulemaking (NPRM), announced yesterday, to make fresh new modifications to the HIPAA Privacy Rule. So what may be changing when it comes to HIPAA? The proposed modifications are designed to address barriers to value-based health care, particularly those that limit or discourage care coordination and case management communications, as well as amend provisions of the Privacy Rule that pose “unnecessary regulatory burdens” without sufficiently improving privacy protections. While the 357-page document contains a lot of information, a few highlights of the proposed changes include: There’s a lot to unpack within these proposed changes, but in general, the proposal helps to bring the HIPAA Privacy Rule up to date with current technology usage, in addition to expanding and emphasizing patients’ rights to view, receive, and handle their own PHI. While these rules are just a proposal, it’s highly likely that most of these changes will go into effect (or a similar version of them) once the proposal’s comment period ends. So when will you need to worry about these changes? Since the proposal’s announcement on December 10th, comments on the notice are due within 60 days. Once the comment period has ended and any changes are finalized, the effective date will be 60 days from the final publication. Your practice will still have a little breathing room, as covered entities would have 180 days from the effective date to update or implement policies to achieve compliance with these new or modified standards – essentially, you’ll have 240 days after the rule is finalized to comply. While complying with these proposed Privacy Rule changes won’t be necessary for quite a while, knowing what is coming and preparing your practice ahead of time is still key. 
If you don’t have a current compliance program in place that reflects the most recent industry threats and updates, consider throwing out what may be a very old HIPAA binder and seeking out a new solution that can help you dynamically update your policies as these changes go into effect next year.