

8 recommendations for HIPAA compliance

As a BA I am often asked to research different topics and present my findings to the companies that I work with. I recently put together a requirements recommendation document for PHI-related software. Companies are in charge of determining their own HIPAA compliance standards, so it is difficult to list every rule that one would need to be HIPAA compliant. I put together a list of 8 HIPAA compliance recommendations based on my research.

1. Assign an Information Security Officer (ISO) or HIPAA Compliance Officer to oversee that HIPAA policies are met. The ISO owns the security rules, policies and standards and is accountable for their implementation.
2. Data must be encrypted or masked in transit, whenever it moves from one system or location to another.
3. Backup and restore of data must be supported, as part of a documented disaster recovery plan.
4. Data must be protected against tampering; if tampering does occur, a report must be generated identifying which data was altered.
5. Data must be retained for 6 years from the date of its creation, or from the date it was last updated, whichever is later.
6. Stored data must be encrypted or masked (encryption at rest).
7. Data must be accessible only to authorized users.
8. Data must be able to be permanently deleted when requested.
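Recommendation 4 is the one that most needs a concrete mechanism: a plain checksum stored next to the data can be recomputed by whoever edits the record, so tamper detection needs a keyed tag whose key lives outside the data store. The example below is added here and is not code from the original post; it assumes records are dicts with a `record_id`, that the HMAC key is fetched from a KMS or HSM rather than stored beside the records (the demo generates a throwaway key), and it uses a per-field tag bound to the record id and field name so the report can say which fields were modified, added without a tag, or removed.

```python
"""Added example: per-field integrity tags for PHI records with a tamper report.

Not from the original post. Assumptions: records are dicts carrying a
"record_id"; the HMAC key is held separately from the data (KMS/HSM); the
"_tags" field is reserved for the integrity tags.
"""
import hashlib
import hmac
import json
import secrets

# Demo-only key. In production fetch this from a KMS/HSM at runtime and never
# persist it in the same store as the records it protects.
INTEGRITY_KEY = secrets.token_bytes(32)


def _field_tag(key: bytes, record_id: str, field: str, value) -> bytes:
    # Bind the tag to the record id and field name so a valid tag cannot be
    # copied onto another field or onto another patient's record.
    msg = json.dumps([record_id, field, value], sort_keys=True, separators=(",", ":"))
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).hexdigest().encode("ascii")


def seal(record: dict, key: bytes = INTEGRITY_KEY) -> dict:
    """Return a copy of the record with an HMAC-SHA256 tag for every field."""
    fields = {k: v for k, v in record.items() if k != "_tags"}
    record_id = fields["record_id"]
    tags = {f: _field_tag(key, record_id, f, v).decode("ascii") for f, v in fields.items()}
    return {**fields, "_tags": tags}


def verify(record: dict, key: bytes = INTEGRITY_KEY) -> dict:
    """Check every field against its tag and describe what changed.

    If record_id itself was altered, every tag fails and all fields are
    reported as modified, which is still a detected tamper event.
    """
    tags = record.get("_tags", {})
    fields = {k: v for k, v in record.items() if k != "_tags"}
    record_id = fields.get("record_id", "")
    modified, added, removed = [], [], []
    for f, v in fields.items():
        if f not in tags:
            added.append(f)  # field present but never sealed
        elif not hmac.compare_digest(str(tags[f]).encode("utf-8"),
                                     _field_tag(key, record_id, f, v)):
            modified.append(f)  # value no longer matches its tag
    for f in tags:
        if f not in fields:
            removed.append(f)  # sealed field has disappeared
    ok = not (modified or added or removed)
    return {"record_id": record_id, "ok": ok,
            "modified": modified, "added": added, "removed": removed}


def tamper_report(records, key: bytes = INTEGRITY_KEY) -> list:
    """One entry per record that failed verification, naming the affected fields."""
    return [r for r in (verify(rec, key) for rec in records) if not r["ok"]]


if __name__ == "__main__":
    # Constructed sample data for the demo; not real PHI.
    patient = seal({"record_id": "p-1001", "name": "A. Example", "dx_code": "E11.9"})
    tampered = dict(patient)
    tampered["dx_code"] = "E10.9"            # silent edit of a diagnosis code
    tampered["note"] = "added without seal"  # field inserted with no tag
    del tampered["name"]                     # sealed field removed
    for entry in tamper_report([patient, tampered]):
        print(entry)
```

The report only tells you that a field no longer matches what was sealed, not what the original value was; pairing it with an append-only audit log of writes is what lets the ISO answer who changed the field and when.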

Health Insurance Portability and Accountability Act

Posted in Business Analyst.
