Introducing Automated HIPAA Compliance

Drata releases its third framework in less than a year, helping automate HIPAA compliance and secure critical health information.

by Adam Markowitz

December 15, 2021

According to the U.S. Department of Health and Human Services, more than 40 million individuals had protected health information compromised in 2021.

Drata is looking to help change that.

Since day one, Drata has set out to build the world’s most advanced security and compliance automation platform with the mission to help businesses earn and keep the trust of their users, customers, partners, and prospects.

That’s why today, Drata is taking a step forward that will continue to reinforce our commitment to helping customers safeguard protected health information (PHI). We are officially launching HIPAA as our third framework, granting existing and future customers peace of mind that they are adequately protecting customer data while also complying with the law.

So What is HIPAA Anyway?

Short answer: It’s not just an acronym you hear thrown around in the doctor’s office; it’s a federal law.

HIPAA requires the creation of national standards to protect sensitive patient health information from being used or disclosed without the patient’s consent or knowledge. The goal of HIPAA is to set and enforce security standards for protected health information. You can learn more about HIPAA here.

Drata has designed this framework with Business Associates in mind: companies that work with PHI on behalf of a healthcare provider. Think: a SaaS company that monitors and analyzes someone’s heart rate through a connected device.

“We’ve built HIPAA with our customers in mind. When we were developing our HIPAA framework, we wanted to solve for two main concerns we heard over and over again: giving customers true peace of mind that they are complying with HIPAA, and saving them time by automating the process.”

Drata is proud to have built one of the most automated HIPAA platforms on the market. Here are some of the key features:

Advanced Automation and Integrations

With HIPAA, Drata is staying true to its roots as the most advanced automation and continuous monitoring platform. That means we provide a library of 50+ integrations that will instantly connect to your tech stack and monitor your controls.

Automating HIPAA also has other advantages. If you’ve already completed SOC 2 or ISO 27001 with Drata, there is up to 81% overlap with SOC 2 and 75% crossover with ISO 27001.

There is naturally a lot of overlap between SOC 2 and HIPAA, but you will need to add a few elements to your SOC 2 report, including breach notifications and an expanded attestation report.

Pro tip: you can even bundle them both together, and it will likely be a faster auditing experience.

HIPAA Security Training

One of the key elements of HIPAA compliance is HIPAA security training. Drata is proud to be one of the few compliance automation platforms that will offer HIPAA training.

Just like the security awareness training, HIPAA compliance training will be embedded in Drata’s platform, so employees never need to leave the app to complete it.

Drata’s HIPAA training will be rolling out in early 2022.

HIPAA Policy Templates

Policy templates can be cumbersome to create, meaning hours spent developing and customizing each policy. Drata currently has 20+ policy templates for customers to customize as needed. With the release of HIPAA, we will be adding three new templates to our library.

The business associate policy also includes a business associate agreement template. This allows a business associate to access PHI from a covered entity. Additional addendums will be available for other policies in order to address HIPAA-specific requirements.

Streamlined Dashboard and Experience

With HIPAA, Drata is providing the same streamlined user experience and interface that existing customers have come to know and love. You have one dashboard giving you a central view of your security and compliance posture at any time. Manage all of your security needs and controls in one place.

Interested in learning more about Drata’s HIPAA platform? Let’s chat.

Adam Markowitz
Adam Markowitz is the co-founder and CEO of Drata, a continuous security and compliance automation platform. Prior to Drata, Adam was the founder and CEO of Portfolium, an academic portfolio network for students and alumni to visually showcase their work and projects directly to employers, faculty, and fellow students/alumni. Portfolium was acquired by Instructure (NYSE:INST) in 2019. He also worked as an aerospace engineer designing, analyzing and testing liquid rocket engines for NASA’s next generation space launch vehicle as well as the Space Shuttle Main Engine. Adam earned a B.S. in Structural Engineering from UC San Diego and an M.S. in Astronautical Engineering from the University of Southern California.