HIPAA and FDA GxP (21 CFR Parts 11 and 820)

As a medical solution vendor serving the U.S. market, you must ensure that your subcontractors comply with HIPAA and GxP guidelines.

At BioT, our software development practices incorporate an internal HIPAA Checklist, ensuring that every new feature meets HIPAA compliance requirements.

Internally, BioT adheres to the following HIPAA policies:

  1. Data Security Policy
  2. Global Information Technology Policy
  3. Disaster Recovery Policy
  4. Business Continuity Plan
  5. Use and Disclosure of PHI
  6. Privacy Training
  7. Sanctions for Privacy and Security Violations
  8. Safeguarding/Retrieval of Service Record
  9. Security of PHI
  10. Breach Analysis
  11. Security Management Process
  12. Workforce Security
  13. Information Access Management
  14. Security and Awareness Training
  15. Security Incident Reporting
  16. Contingency Plan
  17. Evaluation
  18. Quality Access Controls
  19. Workstation Use and Security
  20. Device and Media Controls
  21. Controls: Technical Safeguards
  22. Integrity Controls
  23. Person or Entity Authentication
  24. Transmission Security
  25. Risk Assessment & Risk Management
  26. Facility Access Controls

BioT clients benefit from Business Associate Agreements (BAAs) that shift cybersecurity and privacy liability to BioT, ensuring regulatory compliance and reducing risk exposure.

As part of 21 CFR Part 11 compliance, customers must establish and enforce written policies that hold individuals accountable for actions taken under their electronic signatures. These policies help deter record and signature falsification, ensuring data integrity and regulatory adherence.