Build trust with a HIPAA attestation

Demonstrate your secure and reliable handling of ePHI to build trust with large enterprise healthcare organisations.

soc2-explained-video-cover
SOC 2 STANDARD

Is this the year you grow with SOC 2?

There’s no better standard to baseline your information security and earn trust with a broad customer base.

AssuranceLab is a registered CPA and CA firm ready to help you earn trust with SOC 2 in the US and globally.

We provide end-to-end readiness and audit services, with a cloud-native and agile approach that enables you to work at your own pace.

alab-network-countries-and-employees

You’re in great company. We work with hundreds of fast-growing software companies across 13 countries, ranging in size from 2 to 26,000 employees.

alab-network-countries-and-employees-1

You’re in great company. We work with hundreds of fast-growing software companies across 20+ countries, ranging in size from 2 to 26,000+ employees.

HIPAA ATTESTATION

Is this the year you

grow with HIPAA?

HIPAA attestations demonstrate your secure and reliable handling of electronic healthcare information.

AssuranceLab is a registered CPA and CA firm ready to help you earn trust with HIPAA in the US and globally.

We provide end-to-end readiness and audit services, with a cloud-native and agile approach that enables you to work at your own pace.

alab-soc2-image
Sine-logo
Plexure-logo
salestrekker-logo
Nano-logo
Livepro-logo
Livehire-logo
Inlogik-logo
Humanforce-logo
Data-zoo-logo
Enboarder-logo
Dropsuite-logo
Checkbox-logo
Bravura-solutions-logo
rockt-logo
Civic Ledger Logo_Navy_Official

THE BENEFITS

Clear reasons to act

alab-international-credibility-icon

International
credibility

A globally recognised attestation
report to build trust at scale

alab-customer-confort-and-trust-icon

Customer comfort
and trust

A detailed report addressing crucial
customer due diligence questions

alab-minimal-business-disruption-icon

Minimal business
disruption

Agile and flexible audits that help minimise the disruption while meeting client deadlines

alab-choice-of-goalposts-icon

Choice of
goalposts

Optional control objectives to satisfy various technology and financial objectives.

alab-multi-standard-compliance-icon

Multi-standard
compliance

A strong starting point in meeting
multiple related frameworks,
standards and certifications

alab-recognition-of-partial-progress-icon

Recognition of
partial progress

The ability to achieve a HIPAA report
with outstanding issues or process improvements

THE PROCESS

Four Steps to HIPAA

left arrow right arrow
HIPAA Readiness Assessment

HIPAA Readiness Assessment

We built Pillar so you can assess your compliance with 30+ global standards. It helps you get started with a tailored view of your controls and any gaps to prepare for our compliance audits for one or more frameworks. And, Pillar is always free.

Remediation Support

Remediation Support

We guide you as you address any gaps and implement fit-for-purpose processes that align with your culture and the HIPAA requirements. Our flexible and responsive team helps you work through it at your own pace.

HIPAA Type 1 Audit

HIPAA Type 1 Report

We conduct the Type 1 audit at your pace to help you minimise disruption and learn through the process. Our iterative reviews and feedback helps you stay on track and achieve real operational benefits for your company.

HIPAA Type 2 Audit

HIPAA Type 2 Report

We conduct the Type 2 audits either at your pace within a defined timeline to suit your preference, or increasingly with our continuous audit practices that conduct the audits in the background throughout the year to minimise disruption and increased confidence in your compliance.

Get started your way.
We’re ready when you are!

FAQ

Your questions answered

Do I need a HIPAA attestation?

Regulations like HIPAA are mandatory obligations that apply if your data processing activities meet the criteria of the regulation. The regulation sets out the detailed compliance requirements. If you operate in accordance with those requirements, you are compliant, regardless of whether you issue an attestation report. 

An attestation report is used to provide third parties with evidence of your compliance activities with an independent audit that earns and maintains trust in your compliance. That’s especially important where your customers rely on your compliance for their own, eg. If they are using your software or services with the sensitive data of their customers.

Do I need to comply with HIPAA?

HIPAA is a mandatory regulation that applies to healthcare providers, health plans, healthcare clearinghouses, and business associates, eg. technology companies, that transmit electronic protected healthcare information (ePHI).

It is a federal law in the United States of America, but it is also viewed globally as the de-facto leading standard of expectation for handling ePHI, commonly relied upon and referenced by global healthcare companies.

What are Type 1 and Type 2 reports?

A Type 1 report attests to your compliance by design. It’s a snapshot in time that can be achieved by showing you have the right systems and processes in place to satisfy the HIPAA regulatory clauses.

A Type 2 report attests to your compliance by both design and operation over a period of time. It covers a period between 3-12 months to show your systems and processes have been operated consistently to satisfy the HIPAA regulatory clauses.

Usually, a Type 1 report is issued first to baseline compliance. That marks the start of the live and recurring Type 2 audit periods for reports issued annually.

What does HIPAA cover?

The HIPAA regulation specifies detailed clauses or criteria for what control activities are required to satisfy the requirements. These are broken down into the following areas:

  • Organisational Safeguards
  • Administrative Safeguards
  • Physical Safeguards
  • Technical Safeguards
  • Breach Safeguards

Can we reduce the audit work by using a compliance platform?

Yes. Unlike ISO 27001, there’s no prescribed audit days, so using automation can help auditors achieve the required level of comfort in your controls in less time. But that relies on an audit firm that’s familiar with the specific platform you’re using and that has an audit approach built for it. It also only works if the controls and scope of the audit are limited to the way the platform works. If you look to have customised controls or diverge from the way the platform works, it can cause additional work for the audit.

OTHER STANDARDS

Earn trust with other leading standards

alab-blended-audits-icon

Blended Audits

Combine two or more compliance frameworks into a single blended audit process without duplication to scale trust, not costs and effort.

alab-hipaa-icon

HIPAA

The de facto global and best practice standard for proving secure handling of electronic protected health information (ePHI).

alab-custom-framework-icon

Custom Frameworks

Manage any compliance obligations from customers, regulators or your own internal risk requirements with custom frameworks.

alab-iso-27001-icon

ISO 27001

An international framework to apply a structured and best practice methodology for managing information security.

alab-csa-star-icon

CSA STAR

A comprehensive, best practice standard for cloud security to achieve Level Two accreditation in the security, trust and risk (STAR) register.

alab-cdr-icon

Consumer Data Right

Access consumer data in Australia’s economy-wide open data regime with Consumer Data Right accreditation.

alab-esg-icon

ESG Reporting

A flexible and lightweight framework to report up to 500+ positive impact activities supporting environmental, social and governance (ESG) objectives.

alab-gdpr-icon

GDPR

The global gold-standard for privacy. GDPR is regulated for personal data collected from EU citizens, and an effective framework to satisfy enterprise customers globally.

alab-soc1-sox-itgc-icon

SOC 2

Trust services criteria to satisfy a broad customer base globally for security, availability, confidentiality, privacy and processing integrity.

alab-gdpr-icon

GDPR

The global gold-standard for privacy. GDPR is regulated for personal data collected from EU citizens, and an effective framework to satisfy enterprise customers globally.

GET IN CONTACT

Get started your way

We’re ready when you are

Can’t wait?

Our free products help you get started without any fuss:

pillar-tab-button-normal

The always-free GRC platform that powers trust for hundreds of technology companies.

policytree-tab-button-normal (1)

Our 40-minute policy generator; a better alternative to cookie-cutter templates.