One of the areas we are required to evaluate on every HIPAA audit or compliance assessment is whether our client is compliant with HIPAA’s record retention requirements.
One of the areas we review on all audits and assessments of the HIPAA Security Rule is HIPAA’s requirements concerning contingency plans.
With the use of cloud technology trending upward, many cloud companies are touting themselves as “HIPAA certified.” In fact, there is no such thing as a HIPAA certification.
You won’t find the words “Patch Management” in the HIPAA Security Rule, but given recent action taken by the US government agency that enforces HIPAA compliance, it’s there.
The modifications to HIPAA known as the “HIPAA Omnibus Rule” became effective March 26, 2013, and covered entities and business associates were give about 6 months to get in compliance.
The HIPAA Security Rule’s implementation specifications are each labeled as either “required” or “addressable.”