HIPAA Compliance for Medical Software Applications
Medical Software Application including mobile, web, IoT and back-end applications that process Protected Health Information (often abbreviated to PHI, or ePHI when it is stored or transmitted electronically) are required to comply with HIPAA requirements. Examples of these applications include eHealth or mHealth app that collects personal data about the [...]
Overview of HIPAA Privacy and Security Rule
The Health Insurance Portability and Accountability Act (HIPAA) Omnibus Final Rule, effective March 26, 2013, greatly expands privacy and security standards, compliance actions, breach notification steps, and penalties. The new regulations allow for fines of more than $1 million for health record breaches. The potential for data breaches is significant [...]
Covered Entities and Business Associates under HIPAA Compliance
The Department of Health and Human Services (HHS) has issued the HIPAA Omnibus Final Rule in January 2013. The rule’s security and privacy implications lie in its strengthening of regulatory protections for patient information and increasing fines for HIPAA violations. HHS has taken a series of steps to strengthen patient [...]
Benefits and Applicability of SOC 2 Reports
Third party organisations that successfully complete a SOC 2 audit can offer their clients reasonable assurance that an independent reviewer has assessed their controls that relate to operations and compliance; and they meet the criteria prescribed by AICPA for the five TSCs. The report helps to prioritise risks in order [...]
Enhanced SOC 2 Reports
Enhanced SOC 2 reports are highly flexible tools that can incorporate multiple frameworks and industry standards into third-party assurance reporting. For Outsourced Service Providers (OSP’s), the benefits are even more significant. Consider that these businesses must often respond annually to hundreds of individual audit requests, customer questionnaires, and requests for [...]