Compliance challenges are nothing new in the healthcare sector. Mass 201 CMR 17 has made compliance even more complex for anyone doing business in and with companies in Massachusetts. Security experts sought to untangle the confusion and present the common building blocks of a plan that will at least ensure “legally defensive security” The National Institute of Standards and Technology (NIST) has a nice template for what you need in terms of the common tech controls for various tech controls and the various regulations for the various tech needs.”]