Framework library / HIPAA

Data & Security · regulatory framework

HIPAA — Health Insurance Portability and Accountability Act.

US health-data law — every vendor touching PHI needs a BAA and documented oversight.

What it is

HIPAA’s Privacy and Security Rules protect PHI. Covered entities and business associates must execute Business Associate Agreements (BAAs) with every vendor that touches PHI, conduct risk analyses, and maintain documentation for six years — including the vendor-oversight records regulators request after an incident.

Who it applies to

Healthcare providers, plans, clearinghouses — and every SaaS, lab, logistics or manufacturing partner acting as a business associate.

The evidence auditors expect

How ComplianceFlow keeps you ready

Related frameworks

GDPRSOC 2ISO 27001

See HIPAA evidence assemble itself.

ComplianceFlow keeps a living copy of HIPAA mapped to your suppliers, products and evidence — so what you must prove is always current, and always exportable.

Book a demo Get the audit checklist