Ask HN: Is there an industry preferred HIPAA compliance certification?
Hi HN, I run an Australian digital therapeutics company launching in the US. Basically, being HIPAA compliant is easy enough these days but the trouble is demonstrating this to clients (health payers in particular). Although you don't need certification to be compliant, I wonder if there is a preferred non-official certification that insurers and the like consider highly and would help to make their due diligence of our program more efficient. Any help appreciated!
3 comments
[ 3.0 ms ] story [ 16.0 ms ] threadMore recently they will ALSO require you (not just your hosting provider, eg AWS) are SOC2 compliant even though there is 99.9% overlap across requirements. Why? Cuz someone in legal now requires that for all vendor contracts.
Efficiency is not their goal. Weeding out small players without the stamina and capital to survive a 36 month sales cycle is their goal.