Introducing Automated HIPAA Compliance

According to the U.S. Department of Health and Human Services, more than 40 million individuals had protected health information compromised in 2021.

Drata is looking to help change that.

Since day one, Drata has set out to build the world’s most advanced security and compliance automation platform with the mission to help businesses earn and keep the trust of their users, customers, partners, and prospects.

That’s why today, Drata is taking a step forward that will continue to reinforce our commitment to helping customers safeguard protected health information (PHI). We are officially launching HIPAA as our third framework, granting existing and future customers peace of mind that they are adequately protecting customer data while also complying with the law.

So What is HIPAA Anyway?

Short answer: It’s not just an acronym you hear thrown around in the doctor’s office, it’s a federal law.

HIPAA requires the creation of national standards to protect sensitive patient health information from being used or disclosed without the patient’s consent or knowledge. The goal of HIPAA is to set and enforce security standards for protected health information. You can learn more about HIPAA here.

Drata has designed this framework directly with Business Associates, a company that works with PHI on behalf of a healthcare provider, in mind. Think: a SaaS company that monitors and analyzes someone’s heart rate through a connected device.

“We’ve built HIPAA with our customers in mind. When we were developing our HIPAA framework, we wanted to solve for two main concerns we heard over and over again: giving customers true peace of mind that they are complying with HIPAA, and saving them time by automating the process.”

Drata is proud to have built one of the most automated HIPAA platforms on the market. Here are some of the key features:

Advanced Automation and Integrations

With HIPAA, Drata is staying true to its roots as the most advanced automation and continuous monitoring platform. That means that we provide a library of more than 50+ integrations that will instantly connect to your tech stack and monitor your controls.

Automating HIPAA also has other advantages. If you’ve already completed SOC 2 or ISO 27001 with Drata, up to 81% overlap with SOC 2 and 75% crossover with ISO 27001.

There is naturally a lot of overlap between SOC 2 and HIPAA, but you will need to add a few elements to your SOC 2 report, including breach notifications and an expanded attestation report.

Pro tip: you can even bundle them both together and it will likely be a faster auditing experience

HIPAA Security Training

One of the key elements of HIPAA compliance is HIPAA security training. Drata is proud to be one of the few compliance automation platforms that will offer a HIPAA training.

Just like the security awareness training, HIPAA compliance training will be embedded in Drata’s platform, so employees never need to leave the app to complete it.

Drata’s HIPAA training will be rolling out in early 2022.

HIPAA Policy Templates

Policy templates can be cumbersome to create, meaning hours spent developing and customizing each policy. Drata currently has 20+ policy templates for customers to customize as needed. With the release of HIPAA, we will be adding three new templates to our library.

The business associate policy also includes a business associate agreement template. This allows a business associate to access PHI from a covered entity. Additional addendums will be available for other policies in order to address HIPAA-specific requirements.

Streamlined Dashboard and Experience

With HIPAA, Drata is providing the same streamlined user experience and interface that existing customers have come to know and love. You have one dashboard giving you a central view of your security and compliance posture at any time. Manage all of your security needs and controls in one place.

Interested in learning more about Drata’s HIPAA platform? Let’s chat.