UNDERSTANDING HIPAA
What businesses need to know
The U.S. Health Insurance Portability and Accountability Act of (HIPAA) was introduced in 1996 and established a set of standards to ensure the protection of sensitive patient health information (PHI). A key part of HIPAA is the Privacy Rule, and the Security Rule protecting a subset of electronic PHI (ePHI).
What information is covered?
“Individually identifiable health information” including information related to a patient’s medical conditions, health care provided, healthcare payment information, or other data of which could be reasonably be used to identify the patient or individual.
Who does HIPAA apply to?
“Covered entities” according to HIPAA are healthcare providers, health plans above a certain size, clearinghouses and businesses who do business with the covered entity that HIPAA applies to (put another way, software that a covered entity uses would be one example of this).
What does HIPAA specify?
The HHS website contains a number of useful summaries, but in a nutshell, HIPAA and its Privacy and Security rules set standards around data subject access and amendment, provide clarity around privacy practices, and require the implementation of administrative, technical, and physical safeguards to protect PHI and ePHI.
TRANSCEND FOR HIPAA
Sensitive data, robust privacy protections
Whether your company collects Protected Health Information (PHI) protected under the Health Insurance Portability & Accountability Act (HIPAA) or health-related data covered by GDPR and other laws, get the protection you need and more, right out of the box with Transcend.
Complete visibility
Wherever your company's ePHI lives, Transcend uncovers systems and classifies content to seamlessly handle both HIPAA and wider data privacy compliance.
Industry-leading security
Adhere to HIPAA’s Security Rule safeguard with a platform engineered from the ground up to be secure by design, including end-to-end encryption (an industry first), granular admin access controls, multiple data subject authentication methods, and more.
Easy management, full control
Transcend makes it easy to put privacy on autopilot without losing oversight and visibility—and crucially, without draining resources. From audit trails to Single-Sign On and systems integrations, our platform is built to fit the unique needs of healthcare organizations.
TRANSCEND PRIVACY REQUESTS
Effortless automation of patient data requests
HIPAA’s Privacy Rule mandates that covered entities give patients certain rights to access and amend the PHI you hold on them.
Transcend Privacy Requests makes this easy, allowing self-serve access, deletion, or modification of a patient’s data or preferences across your tech stack—all while respecting any PHI access exceptions your institution requires.
BRANDED PRIVACY CENTER
Clear privacy practices, self-serve data rights
The patient-facing Privacy Center is a cornerstone of any Transcend Privacy Request implementation. Move your patient privacy request operations beyond outdated email inboxes, and provide both a notice of your organization’s privacy practices to your patients in a clear and digestible manner, while securely handling privacy requests and subsequent communications.
INDUSTRY-LEADING SECURITY
The strongest controls for Security Rule compliance
HIPAA’s Security Rule outlines a number of safeguards organizations need to put in place to protect electronic PHI, including access and audit controls, integrity controls, and more.
Transcend’s suite of industry-leading security measures ensures compliance with these controls out-of-the-box, including role-based access, audit trails, deterministic queries, end-to-end encryption, and more.
COVERAGE WITHOUT COMPLEXITY
No matter what system or where data is stored, you’re covered
From your patient database to your email platform, from HIPAA to GDPR and California’s CCPA, and from newsletter opt-outs to account deletions—Transcend covers it all with precise data operations. We've engineered our platform with flexibility, so you can overcome the privacy hurdles of today and the needs of tomorrow with peace of mind.
"We needed a solution that would evolve with ever-changing privacy regulations. Transcend's configurable integrations lets us easily support different parameters, unique business conditions, and state by state privacy laws. It allows us to be prepared for new laws before they come into effect, and frees our team up from chasing new privacy request requirements."
Petr Hecko | Lead DevOps Engineer, Hims & Hers