EBOOK GUIDE
HIPAA Compliance Checklist for Tech Vendors
A third-party technology or SaaS vendor whose software is used by healthcare providers to process ePHI.
A third-party accounting firm that provides its services to a healthcare provider and accesses PHI (claims) to perform their role.
A consultant requiring access to PHI during their engagement for any purpose.
Where to Start
You’ll need to first select an information security framework and
perform a gap analysis to discover the additions / changes needed
to meet the HIPAA-specific requirements.
This helps you understand the tasks ahead of you, what projects
you can start on immediately, and what areas might require
outside assistance.
PHYSICAL SAFEGUARDS
TECHNICAL SAFEGUARDS
ADMINISTRATIVE SAFEGUARDS
Have a Risk Management Policy
Have an Organization Chart
Have an Access Management Policy
Have a Data Protection Policy
Have an Incident Response and Management Policy
Have a Business Continuity & Disaster Recovery Plan
Set up Business Continuity & Disaster Recovery Testing Schedule
Have Backup & Recovery Policy and Procedures
HITECH CHECKLIST
Next Steps
Achieving HIPAA compliance is no small feat, and it can feel daunting when you realize what’s involved.
A successful program relies first and foremost on fully understanding the scope of the effort -- from drafting necessary policies to implementing, managing, and reporting on your compliance efforts.
A security and privacy management platform (such as Securicy) will have the HIPAA-specific modules that will automatically generate custom policies, procedures, designate key officers, and track your progress toward compliance.
Chat with an Expert
Need help getting your organization HIPAA compliant?
Talk to our security experts about the HIPAA Compliance Fast Track in the Carbide platform.
Get the tools you need to generate policies, while efficiently achieving, maintaining, and reporting on your compliance status.
About Carbide
Carbide, formerly known as Securicy, makes enterprise-class security and privacy accessible to fast-growing companies. Unlike “checkbox-style” compliance solutions, our information security and privacy management platform is based on universal best practices to enable customers to create, promote, and prove their commitment to security no matter which security framework or privacy regulation they wish to comply with.
By making it easy to embed security and privacy into the DNA of your organization, Carbide can help sharpen your competitive edge and accelerate your company’s growth trajectory. To learn more about how we can help no matter where you are in your security journey, visit www.carbidesecure.com.