HIPAA and FDA GxP (21 CFR Parts 11 and 820)

As a medical solution vendor to the US market, you must require your subcontractors to comply with HIPAA and GxP guidelines.

The BioT software development practices include internal "HIPAA checklist" guidelines, which ensure that every feature added to BioT is HIPAA eligible.

Internally BioT adheres to the following HIPAA policies:

  1. Data Security Policy
  2. Global Information Technology Policy
  3. Disaster Recovery Policy
  4. Business Continuity Plan
  5. Use and Disclosure of PHI (Protected Health Information: under U.S. law, any information about health status, provision of health care, or payment for health care that is created or collected by a Covered Entity and can be linked to a specific individual)
  6. Privacy Training
  7. Sanctions for Privacy and Security Violations
  8. Safeguarding/Retrieval of Service Record
  9. Security of PHI
  10. Breach Analysis
  11. Security Management Process
  12. Workforce Security
  13. Information Access Management
  14. Security and Awareness Training
  15. Security Incident Reporting
  16. Contingency Plan
  17. Evaluation
  18. Quality Access Controls
  19. Workstation Use and Security
  20. Device and Media Controls
  21. Controls: Technical Safeguards
  22. Integrity Controls
  23. Person or Entity Authentication
  24. Transmission Security
  25. Risk Assessment & Risk Management
  26. Facility Access Controls

BioT clients enjoy Business Associate Agreements (BAAs) with BioT that offload their cyber security and privacy liability.

