Vanta automates compliance starting with SOC 2
Please enter your first name
Please enter your last name
Please enter a valid email address
Please enter a job title
Please enter your company name
Please enter your company website
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
👋
We'll be at SaaStr, Sep. 27-29. Come meet the team at booth 415!
Read More >

Determine which annual audits and assessments are required for your company

Checklist items

Perform and document ongoing technical and non-technical evaluations, internally or in partnership with a third-party security and compliance team like Vanta

Review the U.S. Dept of Health and Human Services Office for Civil Rights Audit Protocol

Conduct required HIPAA compliance audits and assessments

Checklist items

Perform and document ongoing technical and non-technical evaluations, internally or in partnership with a third-party security and compliance team like Vanta

Review the U.S. Dept of Health and Human Services Office for Civil Rights Audit Protocol

Document your plans and put them into action

Checklist items

Document every step of building, implementing, and assessing your compliance program

Vanta’s automated compliance reporting can streamline planning and documentation

Appoint a security
and compliance point person
in your company

Checklist items

Designate an employee as your HIPAA Compliance Officer

Schedule annual HIPAA training for all employees

Checklist items

Distribute HIPAA policies and procedures and ensure staff read and attest to their review

Document employee trainings and other compliance activities

Checklist items

Thoroughly document employee training processes, activities, and attestations

Establish and communicate clear breach report processes
to all employees

Checklist items

Ensure that staff understand what constitutes a HIPAA breach, and how to report a breach

Implement systems to track security incidents, and to document and report all breaches

Institute an annual review process

Checklist items

Annually assess compliance activities against theHIPAA Rules and updates to HIPAA

Continuously assess and manage risk

Checklist items

Build a year-round risk management program and integrate continuous monitoring

Understand the ins and outs of HIPAA compliance— and the costs of noncompliance

Determine which annual audits and assessments are required for your company

Checklist items

Perform and document ongoing technical and non-technical evaluations, internally or in partnership with a third-party security and compliance team like Vanta

Review the U.S. Dept of Health and Human Services Office for Civil Rights Audit Protocol

Conduct required HIPAA compliance audits and assessments

Checklist items

Perform and document ongoing technical and non-technical evaluations, internally or in partnership with a third-party security and compliance team like Vanta

Review the U.S. Dept of Health and Human Services Office for Civil Rights Audit Protocol

Document your plans and put them into action

Checklist items

Document every step of building, implementing, and assessing your compliance program

Vanta’s automated compliance reporting can streamline planning and documentation

Appoint a security and compliance point person in your company

Checklist items

Designate an employee as your HIPAA Compliance Officer

Schedule annual HIPAA training for all employees

Checklist items

Distribute HIPAA policies and procedures and ensure staff read and attest to their review

Document employee trainings and other compliance activities

Checklist items

Thoroughly document employee training processes, activities, and attestations

Establish and communicate clear breach report processes
to all employees

Checklist items

Ensure that staff understand what constitutes a HIPAA breach, and how to report a breach

Implement systems to track security incidents, and to document and report all breaches

Institute an annual review process

Checklist items

Annually assess compliance activities against theHIPAA Rules and updates to HIPAA

Continuously assess and manage risk

Checklist items

Build a year-round risk management program and integrate continuous monitoring

Understand the ins and outs of HIPAA compliance— and the costs of noncompliance

Everything you need to get HIPAA compliance audit ready, fast.

Vanta is “security in a box” for technology companies, trusted by hundreds. Our continuous monitoring software and robust range of automated checks can help you get compliance audit-ready, fast. Vanta can help your company:

  • Build a statement of applicability describing how you control for each HIPAA safeguard
  • Track how ePHI flows through your system and access points
  • Track HIPAA tasks like employee training
  • Develop a breach notification policy and template
  • Prepare for your HIPAA audit fieldwork… and more
GET STARTED
Compliance and security automation

Your HIPAA Compliance Checklist

HIPAA is intended to keep protected health information (PHI) safe and secure. HIPAA compliance is essential for covered entities and business associates and means abiding by the HIPAA Rules. Your company must implement and document comprehensive administrative, physical, and technical security safeguards.

Sound complicated? Our HIPAA compliance checklist will help simplify your path to compliance.

STEP 1

Determine which annual audits and assessments are required for your company

Perform a readiness assessment and evaluate your security against HIPAA requirements

Review the U.S. Dept of Health and Human Services Office for Civil Rights Audit Protocol

STEP 2

Conduct required HIPAA compliance audits and assessments

Perform and document ongoing technical and non-technical evaluations, internally or in partnership with a third-party security and compliance team like Vanta

STEP 3

Document your plans and put them into action

Document every step of building, implementing, and assessing your compliance program

Vanta’s automated compliance reporting can streamline planning and documentation

STEP 4

Appoint a security and compliance point person in your company

Designate an employee as your HIPAA Compliance Officer

STEP 5

Schedule annual HIPAA training for all employees

Distribute HIPAA policies and procedures and ensure staff read and attest to their review

STEP 6

Document employee trainings and other compliance activities

Thoroughly document employee training processes, activities, and attestations

STEP 7

Establish and communicate clear breach report processes
to all employees

Ensure that staff understand what constitutes a HIPAA breach, and how to report a breach

Implement systems to track security incidents, and to document and report all breaches

STEP 8

Institute an annual review process

Annually assess compliance activities against theHIPAA Rules and updates to HIPAA

STEP 9

Continuously assess and manage risk

Build a year-round risk management program and integrate continuous monitoring

Understand the ins and outs of HIPAA compliance— and the costs of noncompliance

Download this checklist for easy reference

DOWNLOAD NOW

Additional HIPAA Resources

The SOC 2 Compliance Checklist

Read More

Vanta's guide to SOC 2

Read More

What does a SOC 2 audit cost?

Read More

“Getting our SOC 2 and HIPAA was an absolute game-changer for the way that Nayya is able to sell into larger companies.”

Akash Magoon  | Co-Founder + Chief Technology Officer, Nayya

Everything you need to get compliance audit ready, fast.

GET STARTED

Vanta is the easy way to get SOC 2, HIPAA, or ISO 27001 compliant. Over 1500 fast-growing companies trust Vanta to automate their security monitoring and get ready for security audits in weeks instead of months. Simply connect your tools to Vanta, fix the gaps on your dashboard, and then work with a Vanta-trained auditor to complete your audit. We'll guide you throughout the process and help tailor your security monitoring and compliance to meet the needs of you and your customers. Vanta was founded in 2017 and headquartered in San Francisco.

Products
SOC 2HIPAAISO 27001PCI DSS coming soonIntegrations
Customers
Customer Case Studies
Resources
BlogGuidesGlossaryWebinars
Company
AboutCareers
Manage CookiesTermsPrivacy

By clicking “Accept”, you agree to the use of cookies on your device in accordance with our Privacy and Cookie policies.

Manage CookiesACCEPT
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.