HIPAA / HITECH
Recent changes to HIPAA security & privacy rule enforcement and the addition of the breach notification rules (under HITECH) have led to more than just health care companies being impacted. Any company providing services to “covered entities” (health care organizations) will be required to sign Business Associate Agreements. These agreements generally require the service provider (your company) to agree that you are compliant with the HIPAA Security Rule as well as other provisions. Are you comfortable signing Business Associate Agreements? Regardless, if you have customers that are health care providers, you may be liable and subject to unwanted federal audits and penalties up to $1.5 million.
Leverage Existing Controls
Compliance with the HIPAA Security Rule is straightforward if you have other controls in place, such as those required to have a favorable SOC 2 Type II report issued. HIPAA requires that you have implemented “administrative, technical, and physical” controls. Administrative controls are covered by your policies, procedures, and risk analysis process. Technical and physical controls are dictated by your policies.
If you have any customers or partners that are health care providers, or have been asked to sign business associate agreements, don’t hold that extra liability. HIPAA compliance can often be achieved fairly quickly with minimal effort.
Have Questions About HIPAA?
LET US HELP YOU FIND OUT WHAT COMPLIANCE FRAMEWORK IS BEST FOR YOUR BUSINESS.
Our unique combination of expert security and compliance consulting and penetration testing will ensure you’re prepared in the most practical and quickest way possible.
Get Started with SOC 2 Compliance
Download SOC 2 Bundle