The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a United States federal law designed to protect sensitive patient information from unauthorized disclosure, whether through a data leak (see https://www.upguard.com/blog/data-breach-vs-data-leak) or as the result of a planned cyberattack. The framework for this data protection standard is divided into two components: The HIPAA Security Rule - stipulating protection standards for all electronic forms of personal health information (ePHI).

Included in the list of “Covered Entities” that must comply with the HIPAA regulation are “business associates,” a term covering any external entity with access to Personal Health Information (PHI) - also known as third-party vendors.

But if the vendor risk management component (see https://www.upguard.com/blog/vendor-risk-management) of HIPAA compliance is effectively addressed, regulatory compliance with the remaining information security components becomes relatively easy.

A Business Associate Agreement (BAA) is required from each Business Associate to assure compliance with HIPAA’s PHI security standards when processing sensitive health data.
