HIPAA Compliance for Tech Companies Handling US Health Data

Protecting Patient Privacy

The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient health information (PHI) in the US. If your tech company deals with PHI, HIPAA compliance is mandatory.

Key Rules

  1. Privacy Rule: Who can access PHI and under what circumstances.
  2. Security Rule: Safeguards to protect electronic PHI (ePHI) – administrative, physical, and technical.
  3. Breach Notification Rule: Procedures for notifying patients and HHS if a breach occurs.

Business Associate Agreements (BAAs)

If you’re a vendor (like a cloud provider) serving a healthcare entity, you’re a ‘Business Associate’ and must sign a BAA, making you directly liable for HIPAA compliance.