Key Points The HIPAA Privacy Rule protects patient data while still enabling sharing between authorized entities for treatment, operations, or payment purposes. For reasons other than these, covered entities and their business associates must seek authorization from the patient via a signed HIPAA release form. The HIPAA release form should be written in plain language…
Key Points HIPAA compliance involves the process that covered entities and business associates must follow to protect and safeguard protected health information (PHI) as is required for HIPAA certification. Covered entities are individuals who use and have access to PHI and business associates are individuals who work with covered entities in a non-healthcare capacity and…
Key Points HIPAA certification implies that a company has passed the HIPAA compliance audit and its employees have the requisite knowledge to comply company’s policies and procedures. Certification-related documents must be possessed for at least six years although it is best practice to conduct annual refresher training. The HHS does not endorse or recognize any…
Key Points GDPR data processors and data controllers have distinct roles under the GDPR and varying degrees of responsibility. However, both parties work jointly to maintain transparency, accountability, and data protection. A GDPR data controller is a person or body which, alone or jointly with others, determines the purpose of and the means by which…
Key Points GDPR certification enables individuals and entities to obtain a certification from a European Data Protection Board-approved certification body that demonstrates to customers and to the EU that it is GDPR-compliant. Non-compliance attracts heavy fines up to €20 million or 4 percent of the company’s annual revenue in the previous financial year, whichever is…
Key Points The GDPR requires any cloud-hosted company processing EU citizens’ data to inform its customers about its data processing principles and processes via a privacy policy. The GDPR privacy policy should be detailed, comprehensive, and include GDPR-specific clauses like data subject rights and contact information for your DPO and/or EU/UK representative. Introduction GDPR requires…
Key Points GDPR cookie consent involves obtaining users’ consent to activate cookies to collect specific data on a website. Consent may be given for all cookies, for specific cookies, or for no cookies at all. Cookies are considered “online identifiers,” part of personal data. Cookie compliance involves GDPR cookie policy, GDPR cookie consent banners, and…
Milestone alert: BuyerAssist is now SOC-2 certified! ✅ 🚀 We are thrilled to announce that one of our prestigious customers, BuyerAssist, has cleared the audit and is now SOC-2 certified in just 6 sessions with the help of Sprinto. Wait, what? Yes, BuyerAssist’s strong team + Sprinto’s powerful automation tool made it possible. What’s SOC 2? …
End of content
End of content