Indian Outsourcer Complies With U.S. Security Laws - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IT Leadership // IT Strategy

Indian Outsourcer Complies With U.S. Security Laws

Patni Computing Systems has instituted measures to strictly adhere to HIPAA and the Sarbanes-Oxley Act.

Mumbai, India, might seem to be a strange place to institute rigorous IT safeguards to comply with the tough provisions of the HIPAA and Sarbanes-Oxley acts, but Indian outsourcing firm Patni Computing Systems has instituted measures to strictly adhere to those two U.S. security provisions.

With U.S. clients sending data to Patni's Mumbai headquarters, the Indian outsourcing firm has found that it must protect and secure the data--not only from potential standard incursions, but also to comply with the two security- and privacy-oriented acts. "We have to make sure our software is HIPAA and Sarbanes-Oxley compliant," Satish Joshi, Patni's chief technology officer and senior VP, said Wednesday in an interview. "When a U.S. customer runs the software, it has to be compliant."

Patni has several U.S. medical-insurance clients who specify that the offshore outsourcing firm comply with HIPAA, the Health Insurance Portability and Accountability Act of 1996. In addition, Patni has a few clients who must comply with the Sarbanes-Oxley Act, which calls for strict compliance with financial and accounting standards.

Joshi said Patni develops software for U.S. medical-insurance firms, and that software must meet the standards set by HIPAA for the protection of patient records. The emphasis is on creating software that can be used in the United States for HIPAA-compliant work and is not involved with the actual patient records. Software developed for U.S. financial firms must, likewise, comply with the accounting and financial standards set by Sarbanes-Oxley

Joshi, who oversees Patni's security and privacy issues, indicated that the safeguards to comply with HIPAA and Sarbanes-Oxley are just an extension of the company's existing security measures. Data from U.S. businesses typically is encrypted and sent to India over fiber-optic lines, but occasionally over satellite links. Encrypted data "is practically unbreakable," he said, adding that he does not know of any case where encrypted transmitted data has been broken. "We don't use disks or tapes to transmit data."

Noting that Patni's U.S. clients regularly visit the company's data center in Mumbai--the Indian city formerly called Bombay--Joshi said they find security and privacy safeguards to be as rigorous as they are in the U.S. Access to the firm's data center is tightly controlled and restricted, individuals' access to data is specific and limited to work specified, no magnetic media can be removed or brought into the data center without tight controls, and data backup and storage is controlled.

"Our clients need assurance that data is actually destroyed after work is done," Joshi said. "Most clients have their own security standards that they have to comply with. They can review our [quarterly] security audit reports."

The firm also requires its employees to sign non-disclosure agreements. "We know that people can carry information in their heads," he said. "So we have rigid non-disclosure pacts."

Patni generally follows the security and privacy guidelines set by the ISO 17799 and BS 7799, international and British security standards, respectively.

Patni maintains its U.S. headquarters in Cambridge, Mass., where the firm began after its founder, Naren Patni, graduated from MIT 25 years ago. It has more than 15 offices in the United States, and Its roster of 150 clients includes big U.S. companies such as Coca-Cola, General Electric, Guardian Life Insurance, and Putnam Investments.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
Preparing for the Upcoming Quantum Computing Revolution
John Edwards, Technology Journalist & Author,  6/3/2021
How SolarWinds Changed Cybersecurity Leadership's Priorities
Jessica Davis, Senior Editor, Enterprise Apps,  5/26/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll