🛡️ STATUS BADGE: 🟢 ELIGIBLE (Self-Hosted)
Executive Summary: What is it?
The Health Insurance Portability and Accountability Act (HIPAA) is a 1996 US federal law under which HHS issued national standards (the Privacy, Security and Breach Notification Rules) for protecting protected health information (PHI) against use or disclosure without the patient's authorization or knowledge.
CFO / Business Impact: What does it cost/risk?
- Healthcare Market Access: HIPAA binds covered entities (providers, health plans, clearinghouses) and their business associates, so any vendor whose software stores, processes or transmits PHI on their behalf must sign a Business Associate Agreement (BAA) and be able to demonstrate Security Rule safeguards before it can sell into the US healthcare system.
- Liability Management: A breach of unsecured PHI triggers notification to affected individuals and to HHS, civil monetary penalties, and litigation exposure; the Security Rule's documented safeguards are the baseline a breach investigation measures you against.
Technical Reality: How does it work?
- Audit Logging: The Security Rule's audit-controls standard requires mechanisms that record and examine activity in systems holding electronic PHI. In practice that means logging every PHI access with who, what and when, protecting the log against alteration (append-only storage, hash chaining, or write-once media) and retaining it for review.
- Encryption: Encrypt ePHI at rest and in transit. Under the Security Rule encryption is an "addressable" specification, but HHS breach-notification guidance treats PHI as "unsecured" unless it is encrypted per NIST guidance (SP 800-111 for data at rest; SP 800-52, 800-77 or 800-113 for data in transit), so lost or stolen unencrypted data is a reportable breach. Use NIST-approved algorithms (AES for storage, TLS 1.2+ for transport) and keep keys separate from the data they protect.
- RBAC: Enforce the Privacy Rule's "minimum necessary" standard with role-based access control: each role sees only the PHI fields its job requires, every user has a unique identifier (a Security Rule requirement), and each access decision, granted or denied, lands in the audit trail.
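The audit-logging and RBAC items above describe controls rather than code. The following is an added example, not from the original page or any HIPAA text, showing one way to combine them: a minimum-necessary field filter keyed on role, and an HMAC-chained audit log in which every access decision (granted or denied) is appended and any later alteration of an entry is detectable. The role-to-field table, user names and patient record are hypothetical, constructed for the example.

```python
"""Tamper-evident PHI access log with role-based, minimum-necessary filtering.

Added example (not from the original page). ROLE_FIELDS, SAMPLE_RECORD and the
user/patient identifiers are constructed, hypothetical test data.
"""
import datetime
import hashlib
import hmac
import json

# Hypothetical minimum-necessary table: which PHI fields each role may read.
ROLE_FIELDS = {
    "physician": {"name", "dob", "diagnosis", "medications"},
    "billing": {"name", "dob", "insurance_id"},
    "receptionist": {"name", "dob"},
}

# Constructed, fictitious patient record used as sample input.
SAMPLE_RECORD = {
    "name": "Pat Example", "dob": "1970-01-01", "diagnosis": "J06.9",
    "medications": ["acetaminophen"], "insurance_id": "INS-000000",
}

GENESIS = "0" * 64  # previous-hash value for the first entry
_PAYLOAD_KEYS = ("ts", "user", "role", "patient", "fields", "allowed")


class PhiAccessLog:
    """Append-only log where each entry's MAC covers the previous entry's MAC.

    An attacker who can edit the log but lacks the MAC key cannot rewrite an
    entry without breaking the chain. Keep the key out of the application's
    normal data store (HSM, KMS, or a separate log host), and periodically
    publish head() somewhere the application cannot modify, since truncating
    the tail of an un-anchored chain is otherwise undetectable.
    """

    def __init__(self, mac_key: bytes):
        self._key = mac_key
        self.entries: list[dict] = []

    def _digest(self, prev_hash: str, payload: dict) -> str:
        canonical = json.dumps(payload, sort_keys=True, separators=(",", ":"))
        msg = prev_hash.encode() + b"\n" + canonical.encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def record(self, user, role, patient_id, fields, allowed, now=None) -> dict:
        ts = (now or datetime.datetime.now(datetime.timezone.utc)).isoformat()
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        payload = {"ts": ts, "user": user, "role": role, "patient": patient_id,
                   "fields": sorted(fields), "allowed": bool(allowed)}
        entry = {**payload, "prev": prev, "hash": self._digest(prev, payload)}
        self.entries.append(entry)
        return entry

    def head(self) -> str:
        """MAC of the last entry; anchor this externally at intervals."""
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def verify(self) -> int:
        """Return -1 if the chain is intact, else the index of the first bad entry."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            payload = {k: e[k] for k in _PAYLOAD_KEYS}
            expected = self._digest(prev, payload)
            if e["prev"] != prev or not hmac.compare_digest(e["hash"], expected):
                return i
            prev = e["hash"]
        return -1


def access_phi(log, user, role, patient_id, requested, record) -> dict:
    """Return only the requested fields the role may see; log the decision either way."""
    permitted = ROLE_FIELDS.get(role, set())
    denied = set(requested) - permitted
    allowed = not denied
    log.record(user, role, patient_id, requested, allowed)
    if not allowed:
        raise PermissionError(f"{role!r} may not read {sorted(denied)}")
    return {f: record[f] for f in requested}


if __name__ == "__main__":
    log = PhiAccessLog(b"demo-key-keep-out-of-the-app-db")
    print(access_phi(log, "dr_a", "physician", "P1", ["name", "diagnosis"], SAMPLE_RECORD))
    try:
        access_phi(log, "front_desk", "receptionist", "P1", ["diagnosis"], SAMPLE_RECORD)
    except PermissionError as exc:
        print("denied:", exc)
    print("intact:", log.verify() == -1)
    log.entries[1]["allowed"] = True          # simulate an after-the-fact edit
    print("first tampered entry:", log.verify())
```

Denied requests are logged before the exception is raised, so the trail records attempted over-reach, not just successful reads. Encryption at rest and in transit is a separate control and is not shown here.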