top of page

Government Compliance

United States Government regulations require Tax Practitioners and Medical Practitioners to be Cybersecurity Compliant
with IRS and HIPAA standards. This includes businesses with as little as 1 employee, such as CPAs, Bookkeepers,
Dentists, Chiropractors,  Otolaryngologists, etc.

Financial advisors, real estate appraisers, loan brokers, and mortgage lenders who have their clients’ Personal Identifiable
Information (PII) and various financial information are required to be cybersecurity compliant in accordance with Gramm-
Leach-Bliley Act (GLBA) as of June 2023. Failure to comply with the GLBA can be severe, with penalties as large as
$100,000 per violation. Owners and officers of the company can face up to five years in prison. While prison time is
unlikely, the fines are very likely for those who ignore their cybersecurity compliance obligation. The level of those fines
will depend on your culpability in the cyberattack. The GLBA cybersecurity requirements are basically the same as the
IRS and HIPAA, because the cyber threat they face is the same. In fact, all three point to FTC and NIST websites for
further clarification.

Over the years, their cybersecurity requirements have become easier to understand for people without a working
knowledge of IT and human engineered cyberattacks. This has removed the most common excuse  for not being compliant “I didn’t understand what was required”.

One requirement that is not so clear is the Written Information Security Plan (WISP). In June 2023, the IRS required all
tax practitioners to have a “valid” Written Information Security Plan (WISP) or face huge fines. HIPAA also recommends
medical practitioners have a Written Information Security Plan (WISP). To clearly understand that is required to create a
valid WISP, you must have a working knowledge of IT and the patience to wade through over 290 pages of material on
IRS, HIPAA, FTC and NIST websites. This is why you need the help of a cybersecurity specialist, to create a valid WISP.

Depending on the size of your business, some allowances can be made. In addition to avoiding fines and mitigating client
lawsuits, compliance can better protect the business from the business disruption cyberattacks often create.

Government contractors can be subjected to similar cybersecurity compliance requirements. These cybersecurity
requirements are often more aggressive and comprehensive depending on which government agency you are working
with. Starphyre can help you understand what is required and provide you with the services you need for compliance.

Schedule a No Obligation Consultation

bottom of page