HIPAA and FDA GxP (21 CFR Parts 11 and 820)
As a medical solution vendor to the US market, you must require your subcontractors to comply with HIPAA and GxP guidelines.
The BioT software development practices include the internal "HIPAA checklist" guidelines, which ensure that every feature added to BioT is HIPAA eligible.
Internally, BioT adheres to the following HIPAA policies:
- Data Security Policy
- Global Information Technology Policy
- Disaster Recovery Policy
- Business Continuity Plan
- Use and Disclosure of PHI
- Privacy Training
- Sanctions for Privacy and Security Violations
- Safeguarding/Retrieval of Service Record
- Security of PHI
- Breach Analysis
- Security Management Process
- Workforce Security
- Information Access Management
- Security and Awareness Training
- Security Incident Reporting
- Contingency Plan
- Evaluation
- Quality Access Controls
- Workstation Use and Security
- Device and Media Controls
- Controls: Technical Safeguards
- Integrity Controls
- Person or Entity Authentication
- Transmission Security
- Risk Assessment & Risk Management
- Facility Access Controls
BioT clients enjoy Business Associate Agreements (BAAs) with BioT that offload their cyber security and privacy liability.