HIPAA Record Retention Requirements: How Long Should We Retain ePHI Data?

By Rob Pierce on August 2, 2017August 2, 2017

One of the areas we are required to evaluate on every HIPAA audit or compliance assessment is whether our client is compliant with HIPAA’s record retention requirements.

The HIPAA Contingency Plan

By L&Co Staff on February 3, 2016October 11, 2017

One of the areas we review on all audits and assessments of the HIPAA Security Rule is HIPAA’s requirements concerning contingency plans.

SaaS HIPAA Considerations

By Rob Pierce on February 18, 2015February 18, 2015

With the use of cloud technology trending upward, many cloud companies are touting themselves as “HIPAA certified.” In fact, there is no such thing as a HIPAA certification.

Patch Management and HIPAA Compliance

By L&Co Staff on January 28, 2015October 11, 2017

You won’t find the words “Patch Management” in the HIPAA Security Rule, but given recent action taken by the US government agency that enforces HIPAA compliance, it’s there.

Using the SOC 2 or AT 601 Reports to Demonstrate Compliance with HIPAA

By L&Co Staff on September 18, 2013October 11, 2017

The modifications to HIPAA known as the “HIPAA Omnibus Rule” became effective March 26, 2013, and covered entities and business associates were give about 6 months to get in compliance.