Ask HN: HIPAA Compliance?
2 points by dyeje on Sept 8, 2018 | 1 comment

I recently took the helm on a startup project that deals with PHI. I'm researching a lot, trying to understand everything I need to do for compliance. Do you have any books, articles, training courses, consultants, services, etc. that you recommend for understanding and implementing HIPAA compliance?
Ignorance is no excuse, so it's important to take the recommended precautions. I would suggest hiring a third-party auditor with some sort of certifications -- that'll be an important CYA.
In general, you want to have written protocols and documented auditing for the following (plus some general concepts):
* Encrypt at rest, in transit
* Who has access? What is the policy for granting/revoking access? Is there an audit trail to see who accessed what, in the event of a breach?
* What data / systems are considered PHI/PII?
* How do you train employees about HIPAA?
Most of this is documenting processes and then showing that you review the logs every 3/6/whatever timeframe.
A more complete list: https://www.hipaajournal.com/what-is-a-hipaa-violation/
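The "who accessed what" audit-trail item and the periodic log review from the comment above, as an added example that is not part of the thread: a small review routine over a constructed JSON-lines PHI access log. The log fields (`ts`, `user`, `role`, `patient_id`, `action`) and the role-to-action policy table are assumptions made for the example.

```python
"""Added example (not from the HN thread): a minimal PHI access-audit review.

Assumed (hypothetical) log format: one JSON object per line with the fields
ts, user, role, patient_id and action. The sample log and the ROLE_PERMISSIONS
policy below are constructed for the example.
"""
import json
from collections import defaultdict

# Constructed sample log: what an application's PHI access log might contain.
SAMPLE_LOG = """
{"ts": "2018-09-08T09:01:00Z", "user": "nurse1", "role": "nurse", "patient_id": "P100", "action": "read"}
{"ts": "2018-09-08T09:05:00Z", "user": "billing2", "role": "billing", "patient_id": "P100", "action": "read"}
{"ts": "2018-09-08T09:07:00Z", "user": "billing2", "role": "billing", "patient_id": "P100", "action": "export"}
{"ts": "2018-09-08T09:09:00Z", "user": "intern7", "role": "intern", "patient_id": "P200", "action": "read"}
"""

# Hypothetical written policy: which actions each role may perform on PHI.
# A role missing from this table is permitted nothing (deny by default).
ROLE_PERMISSIONS = {
    "physician": {"read", "write", "export"},
    "nurse": {"read", "write"},
    "billing": {"read"},
}

def parse_log(text):
    """Parse a JSON-lines access log, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def review_access(events, permissions=ROLE_PERMISSIONS):
    """Return (per-patient access trail, list of policy violations).

    The trail answers 'who accessed what' for a breach investigation; the
    violations list is what a scheduled log review would escalate.
    """
    trail = defaultdict(list)
    violations = []
    for ev in events:
        trail[ev["patient_id"]].append((ev["ts"], ev["user"], ev["action"]))
        allowed = permissions.get(ev["role"], set())
        if ev["action"] not in allowed:
            violations.append({"ts": ev["ts"], "user": ev["user"], "role": ev["role"],
                               "patient_id": ev["patient_id"], "action": ev["action"]})
    return dict(trail), violations

if __name__ == "__main__":
    trail, violations = review_access(parse_log(SAMPLE_LOG))
    for pid, accesses in trail.items():
        print(pid, accesses)
    for v in violations:
        print("VIOLATION", v)
```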