One of the areas we are required to evaluate on every HIPAA audit or compliance assessment is whether our client is compliant with HIPAA’s record retention requirements.
Tag: Security Rule
The HIPAA Contingency Plan
One of the areas we review on all audits and assessments of the HIPAA Security Rule is HIPAA’s requirements concerning contingency plans.
SaaS HIPAA Considerations
With the use of cloud technology trending upward, many cloud companies are touting themselves as “HIPAA certified.” In fact, there is no such thing as a HIPAA certification.
Patch Management and HIPAA Compliance
You won’t find the words “Patch Management” in the HIPAA Security Rule, but given recent action taken by the US government agency that enforces HIPAA compliance, it’s there.
Using the SOC 2 or AT 601 Reports to Demonstrate Compliance with HIPAA
The modifications to HIPAA known as the “HIPAA Omnibus Rule” became effective March 26, 2013, and covered entities and business associates were give about 6 months to get in compliance.
Required vs. Addressable Implementation Specifications in the HIPAA Security Rule
The HIPAA Security Rule’s implementation specifications are each labeled as either “required” or “addressable.”