What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) and the subsequent Health Information Technology for Economic and Clinical Health (HITECH) Act are standards for safeguarding consumers’ protected health information (PHI).
The HIPAA Security Rule protects all individually identifiable health information a covered entity creates, receives, maintains, or transmits in electronic form. This information is called “electronic protected health information” (e-PHI).
To comply with the HIPAA Security Rule, all covered entities must do the following:
Ensure the confidentiality, integrity, and availability of all electronic PHI.
Detect and safeguard against anticipated threats to the security of the information.
Protect against anticipated impermissible uses or disclosures.
Certify compliance by their workforce.
How It Works
Insight Assurance's information security experts help organizations understand and assess their compliance with the HIPAA Security Rule.
The HIPAA assessment services include a review of your company’s policies, procedures, and processes. The goal of this point-in-time assessment is to identify gaps in your control environment related to the HIPAA Security Rule and provide recommendations for remediation.
SOC 2 + HIPAA
SOC 2 + HIPAA allows an organization to meet the compliance requirements for both HIPAA and SOC 2 by using the HIPAA security requirements as the criteria for testing the design and operating effectiveness of the company's controls.