← All services
Compliance
HIPAA Compliance
Protect electronic health information with the encryption, access controls, and safeguards HIPAA requires.
HIPAA is an unusual law: it makes many recommendations (addressable items) and a few firm requirements, but ultimately each organization must determine what it needs to do to be compliant. That creates both flexibility and uncertainty.
In general, to be HIPAA-compliant, systems handling electronic protected health information (ePHI) must ensure that data is:
- Encrypted in transit — always protected as it travels over the internet
- Backed up — never lost, and recoverable when needed
- Access-controlled — reachable only by authorized personnel using unique, audited credentials
- Integrity-protected — never altered or tampered with
- Encrypted at rest — protected while stored or archived
- Disposable — permanently destroyed when no longer needed
- Covered by a Business Associate Agreement — hosted by a partner under a HIPAA BAA, or on properly secured in-house servers
We help you put these safeguards in place and keep them current as HITECH and related requirements evolve.