The world is rapidly moving toward the cloud and away from traditional IT systems. Browser-based security using HTTPS has evolved and is now accepted by customers as "secure." In recent years, many browser security flaws have been identified and fixed. A major industry shift occurred when some browsers were created and maintained as open-source projects. This helped increase security thanks to a community of engineers reviewing and updating the code on an ongoing basis at no cost. Since some current browsers are not controlled by private corporations, this also creates a key element of trust.
U.S. federal law requires any organization dealing with private health information to adhere to strict security guidelines defined by the Health Insurance Portability and Accountability Act (HIPAA). However, non-healthcare companies are free to choose a HIPAA-compliant strategy with no liability to their customers and the increased benefits of additional security.
Even if your company does not need to comply with HIPAA regulations, it's an excellent risk-management strategy to protect very sensitive information like credit card numbers and private customer information. Companies need to consider the overall context of the data that customers trust them to protect.