I’m in-house at a young tech company and the biz wants to explore offering a version of the product for covered entities under HIPAA. I only have a basic understanding of BA and BAA requirements, so would need to engage outside counsel. But before that step, are there any tools/resources our product team can use to assess if there are any big gaps between what we offer and something that meets HIPAA’s security requirements? Just want a better idea of how large of an undertaking this would be

like
Posting as :
works at
You are currently posting as works at

HHS site offers “audit protocol”. It’s HUNDREDS of lines, but that’s exactly what you need to review and go thru with your product team.

Make sure you’re not under FDA (medical devices, etc) as those rules would also be required.

likehelpful

Same site also has baseline BAA language

Related Posts

Is Huron hiring right now?

like

I just left my job where I managed a community of 20-somethings and am about to start managing a community of people in their 40s. How different will it be?

like

#GenesisOne
Pre-Launch - Monday, November 5, 2018

Post Photo

Anyone working at Riot Blockchain and can tell me more about this company? How is the wlb there? Does this company have future?

like

In-house comp at firms like KKR or Blackstone? Thx in advance.

like

Hello all, anyone know people who are seeking Azure, AWS, or web design professionals? Always looking to help people in these areas. Thanks in advance ;)

like

Why are properties in NYC so damn expensive? At this point should I just move elsewhere?

like

Everyone keeps saying that the real estate market is going to bounce back soon. At this point I'm more likely to believe that unicorns will take over the world

like

hi
what is the component called other allowances and reimbursement 1 and 2 ? for what purpose its used ?

like

I don't know if anyone can answer this. But how much do most civil engineers make? There are so many conflicting reports about "overpaid consultants" and it's almost impossible to get an actual answer

like

How do you rate ServiceNow GRC vs leading competitors, Archer eGRC, Diligent HighBond/RSAM, Zen GRC, etc.?

like

Do you anyone looking for opening in Infosys. Please do inbox me.
While sending profile share your location preferences and date of birth.

like

Do you think Mainframe die soon? Give approx years

like

Hi Fishes,
How much is the variable pay in Accenture Strategy-CN vertical at management consultant level?
Also, please provide info. on WLB and kind of projects in Industrial vertical

like

Hi I am holding an offer from both Bdo rise and wellsfargo and the package is same 14 LPA. I am bit confused as the role eat bdo rise offering is quite good but not sure about the culture and other wlb in bdo rise Can anyone suggest which one will be good wellsfargo or bdo rise..

like

Hey fishes
I am looking for job opportunities for myself, i've 6 years of experience in finance and accounting domain ( Accounts Payable ).
It will be great help if anyone can refer me.

Where do you find the time to get everything done in the day when you have multiple partners, associates and equity partners that interrupt you and want things turned around immediately while simultaneously working on deadlines? I feel like I’m the only one that can’t manage a 70+ case load without letting someone down. I constantly have to say “Can I do this tomorrow?” Etc. I don’t even have time to bill on the clock. I work until 7p at least every night. Top 10 family law firm.

like

Did you vote? I finally made time after work yesterday.

like

Got an offer as Senior Consultant 1 from CAPCO, earlier designation Sr Business Analyst. What is the growth perspective? Is it worth considering with 30% hike from current package?

like

Additional Posts in Privacy Law

How Much Can You Sue an
Employer for Not Paying You?

like

Anyone here work at Meta? Looking for a referral for a privacy role

like

Hello, MSL grad student here, looking for externships 🙏

Can anyone share a salary range for a non-attorney with a JD and 1 YOE handling incident response and contract negotiations?

like

Planning to take the CIPP and CIPM. Will be doing self-study. What is the “book” everyone refers to for studying? Is it just the “study guide” the IAPP sells? Does anyone know if the study guides and sample questions you can buy on amazon are sufficient to use for passing? Appreciate any and all advice.

like

After obtaining CIPP certification, I am starting a data privacy practice group at my law firm. I’m looking for tips on how to get started: what are your recommendations for preparing internal documents/templates, staff training, client development and best practices for advising clients, etc.?

likeuplifting

How did you break into privacy law? What are the pro/con’s?

like

How can I stop data brokers from selling my information to political campaigns & other Ad compaigns? I don't live in California so CCPA does not apply to me..

like

What industry in Atlanta offers the best prospects (most demand) for privacy law/compliance exits?

like

Anyone take the CIPM recently? How was it?

like

Can you incorporate SCCs by reference in a DPA?

like
like

Any firms/companies hiring in their privacy group? Looking for fully remote or TX

like

How do you all do data mapping? Any good resources or software/useful visualization tools you recommend?

like

Has anyone been successful negotiating a “breach notification costs” provision in contracts with vendors? What are some good args to include it? I feel like vendors generally flat out say “no”, but I have seen some contracts where vendors were willing to include it and I’m wondering how that happened 😁

like

So as a 30ish yo with a government/PE/tech background and CIPM/CIPP… I’m finding privacy work is just much easier and interesting than other kinds, but still pays plenty well.

Is it too late/inadvisable to go to law school to specifically aim for privacy work?

I just find some firms are unwilling to entertain the idea that anyone but a lawyer has anything relevant to contribute in this space…

like

Hi all! I’m inclined on taking up the CIPM training and certification exam. I’m already a certified Data Protection Officer in the Philippines. I intend on skipping CIPP as it applies to the US and EU.

How difficult was the exam? Can you share your experience studying for the CIPM exam? Is it advisable to skip CIPP?

Many thanks in advance.

like

What are the best resources you’ve found that walks you through step-by-step, the data incident management process and what to ask your client?

like

In terms of taking the next step to elevate your career- what items are you heavily focusing on? I have speciality in data governance as well as product counseling, but curious to know what others find most helpful in their practice areas.

likehelpful

Anyone have any CIPP/US practice questions besides the 30 from the IAPP?

like

New to Fishbowl?

Download the Fishbowl app to
unlock all discussions on Fishbowl.
That was just a preview…
Sign Up to see all discussions
  • Discover what it’s like to work at companies from real professionals
  • Get candid advice from people in your field in a safe space
  • Chat and network with other professionals in your field
Sign up in seconds to unlock all discussions on Fishbowl.

Already a user?
Login here

Share

Embed this post

Copy and paste embed code on your site

Preview

Download the
Fishbowl app

See what’s happening in your industry
from the palm of your hand.

A phone with Fishbowl app

Scan your QR code to download
Fishbowl app on your mobile

Download app

Sign up for free to view this conversation on Fishbowl

By continuing you agree to Terms of Use and Privacy Policy

Already have an account? Log in

Sign up for free to continue using Fishbowl

By continuing you agree to Terms of Use(New) and Privacy Policy(New)
Messaging rates may apply

Already have an account? Log in

For account settings, visit Fishbowl on Desktop Browser or

General

Legal