← All services

Compliance

HIPAA Compliance

Protect electronic health information with the encryption, access controls, and safeguards HIPAA requires.

HIPAA is an unusual law: it makes many recommendations (addressable items) and a few firm requirements, but ultimately each organization must determine what it needs to do to be compliant. That creates both flexibility and uncertainty.

In general, to be HIPAA-compliant, systems handling electronic protected health information (ePHI) must ensure that data is:

  • Encrypted in transit — always protected as it travels over the internet
  • Backed up — never lost, and recoverable when needed
  • Access-controlled — reachable only by authorized personnel using unique, audited credentials
  • Integrity-protected — never altered or tampered with
  • Encrypted at rest — protected while stored or archived
  • Disposable — permanently destroyed when no longer needed
  • Covered by a Business Associate Agreement — hosted by a partner under a HIPAA BAA, or on properly secured in-house servers

We help you put these safeguards in place and keep them current as HITECH and related requirements evolve.

Talk to us about this