HIPAA compliance is complicated, but it doesn't have to be. We chose to rely on Catalyze's open-sourced HIPAA documentation for compliance requirements at 1healthy.world. Doing so lets us focus on building and improving our cloud-based software for care teams and their patients.
Our policies have been written with our modern, cloud-based technology application in mind. Importantly, the original policies these were built from have been through three external audits—two HIPAA audits and one HITRUST audit.
HIPAA compliance really has two halves. The first half covers the technical safeguards, both physical and digital: compliant companies secure their hardware and manage their software in a defined way. Audit logging, monitoring, and access controls are a few examples; encryption is another, although the Security Rule lists it as an "addressable" specification, meaning an organization must either implement it or document why an equivalent alternative is reasonable. 1healthy.world built its software with these safeguards in mind.
The second half of HIPAA is focused on administrative and organizational activities. This includes signing Business Associate Agreements (BAAs) and maintaining company policies such as workforce training, among other things. Crafting company policies that align with the HIPAA administrative safeguards is straightforward in principle, but it is a substantial amount of work.
When we were creating our policies, we found plenty of policy templates written for healthcare providers, but nothing written for modern health technology companies. Catalyze spent a lot of time and effort writing these policies and then adapting them to meet the demands of external audits. We didn't want to reinvent the wheel and would rather spend that effort delivering value to our care teams and their patients.
All policies are licensed under CC BY-SA 4.0. We acknowledge and thank Catalyze for providing the framework for 1healthy.world's HIPAA compliance documentation.
- Introduction
- HIPAA Inheritance for SaaS Customers
- HIPAA Inheritance for Platform Add-on Customers
- Policy Management Policy
- Risk Management Policy
- Roles Policy
- Data Management Policy
- System Access Policy
- Auditing Policy
- Configuration Management Policy
- Facility Access Policy
- Incident Response Policy
- Breach Policy
- Disaster Recovery Policy
- Disposable Media Policy
- IDS Policy
- Vulnerability Scanning Policy
- Data Integrity Policy
- Data Retention Policy
- Employees Policy
- Approved Tools Policy
- 3rd Party Policy
- Key Definitions
- 1healthy.world HIPAA Business Associate Agreement (“BAA”)
- HIPAA Mappings to 1healthy.world Controls