← Glossary · Compliance
HIPAA
US law protecting Protected Health Information (PHI) held by covered entities and business associates.
HIPAA's Security Rule requires administrative, physical, and technical safeguards for electronic PHI. The Privacy Rule governs use and disclosure. Business associates handling PHI on behalf of covered entities must sign a Business Associate Agreement (BAA).
There is no HIPAA certification. Compliance is demonstrated through documented safeguards, risk analysis, and evidence — and enforced by HHS OCR.
See how Scarlet Risk covers HIPAA.
One platform for compliance, cyber, crypto, and world-watch risk.
Schedule Live Demo