HIPAA (Health Insurance Portability and Accountability Act)

The Health Insurance Portability and Accountability Act is a U.S. federal law establishing national standards for the protection of sensitive patient health information. Organizations that share protected health information (PHI) with third-party vendors are required to execute Business Associate Agreements (BAAs) and verify that those vendors maintain appropriate safeguards. HIPAA compliance is a critical dimension of third-party risk management for healthcare organizations and their supply chains. Black Kite's Compliance Rating maps vendor security controls to HIPAA requirements.