HIPAA compliance is mandatory for applications handling Protected Health Information (PHI).
Key Safeguards
Administrative
- Workforce training
- Security policies
- Incident response procedures
Physical
- Facility access controls
- Workstation security
- Device and media controls
Technical
- Access controls (RBAC)
- Audit logging
- Transmission security
- Encryption requirements
Implementation Requirements
Access Controls
- Unique user identification
- Emergency access procedures
- Automatic logoff
- Encryption/decryption
Audit Controls
- Log all PHI access
- Retain logs 6+ years
- Regular log reviews
- Tamper-proof storage
Business Associate Agreements
Any third-party handling PHI must sign a BAA.
