Why You Need To Make Sure You Are HIPAA Compliant as a Healthcare Start-up

An Introduction to HIPAA Compliance

HIPAA, the Health Insurance Portability and Accountability Act, codifies the practices and regulations that govern the privacy and security of patient information in the US healthcare system. It was passed into law in 1996. Its Security Rule, finalized in 2003, extended its protection to electronic health records, and the 2013 Omnibus Final Rule, which implemented the HITECH Act of 2009, tightened the requirements to reflect how prevalent digital health data had become.

The HIPAA Rules

  1. Privacy Rule: Defines protected health information (PHI), limits how it may be used and disclosed, and requires that records remain portable enough to be transferred safely where needed. This is also where patients' rights over their own data are codified.
  2. Security Rule: Obliges a covered entity or business associate to institute appropriate administrative, physical, and technical safeguards that ensure the confidentiality, integrity, and availability of electronic PHI.
  3. Enforcement Rule: Sets out how the regulator (the HHS Office for Civil Rights) investigates complaints and calculates penalties for non-compliance, laying out the stakes for when companies get things wrong.
  4. Breach Notification Rule: Defines what counts as a breach of unsecured PHI and requires notification of the affected individuals and HHS (and, for larger breaches, the media) without unreasonable delay.
  5. Omnibus Rule (2013): Amends the earlier rules, making them more stringent and adding detail where it was lacking, most notably by making business associates directly liable for compliance.
Questions a healthcare start-up should be able to answer:

  • Do you have a documented risk analysis and risk management process that codifies your company's compliance requirements?
  • Is electronic PHI stored according to recognized security best practice, encrypted at rest and with access to it logged?
  • Do you minimize the PHI you store and use to the minimum necessary for the purpose?
  • Do you encrypt PHI in transit as well as at rest?
  • Do you have a tested data backup and disaster recovery process in place?
  • Can patients exercise their HIPAA rights: access to their records, requesting amendments, and an accounting of disclosures? (HIPAA grants no general "right to be forgotten"; that concept comes from the GDPR, and HIPAA in fact requires compliance documentation to be retained for six years.)
  • Are there role-based access controls that determine who can access which records, enforcing the minimum-necessary principle?
  • Do you use suitable authentication, with a unique identifier per user and multi-factor authentication for access to PHI?
  • Do you schedule regular audits of your HIPAA compliance and review the audit logs your systems produce?
  • Do you have an incident response and breach notification plan, including how you will meet the 60-day notification deadline after a breach is discovered?

The Importance of HIPAA Compliance for Healthcare Start-ups

Sunflower Lab

We are a fast-growing, award-winning digital product and innovations agency with offices across North America.