HIPAA
Protect PHI and demonstrate HIPAA due diligence to clients and regulators.
Security Rule Analysis
The cornerstone HIPAA risk analysis
OCR Due Diligence
Evidence ready for regulator scrutiny
Attestation Programme
Documented compliance you can demonstrate
PHI Safeguard Experts
Specialists in protecting health data

What it is
HIPAA sets national standards for protecting protected health information (PHI). Its Privacy, Security and Breach Notification Rules require covered entities and business associates to safeguard PHI through administrative, physical and technical safeguards, with the Security Rule risk analysis as the cornerstone of the programme.
Who must comply
US healthcare providers, plans and clearinghouses, plus any vendor that handles PHI on their behalf; business associates are directly liable under HITECH, so the duty flows down the supply chain.
How IntelligenceX helps
Frequently Asked Questions
No. The government does not certify HIPAA compliance, and any "HIPAA certified" badge is marketing only. We provide a documented risk analysis and compliance programme that demonstrates due diligence.
If you create, receive, store or transmit PHI for a covered entity, you are a business associate and HIPAA applies directly, including signing BAAs.
There is no fixed interval, but OCR expects it to be current: reviewed at least annually and whenever you make material changes to systems, vendors or workflows. A stale or missing risk analysis is the issue OCR cites most often, so we help you keep it living rather than shelved.