ONTRACE.AI
Coming Q3 2026

HIPAA compliance, without the healthcare complexity.

Protect patient data with autonomous PHI discovery, continuous safeguard monitoring, and automated Business Associate Agreement tracking — across all three HIPAA safeguard categories.

3 safeguard categories
BAA management included
Q3 2026 launch target

Framework Overview

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is the United States federal law governing the protection of Protected Health Information (PHI). It applies to Covered Entities — healthcare providers, health plans, and healthcare clearinghouses — and their Business Associates.

Covered Entities

Healthcare providers (hospitals, clinics, physicians)
Health plans (insurance companies, HMOs, Medicare/Medicaid)
Healthcare clearinghouses processing claims

Business Associates

SaaS vendors processing PHI on behalf of covered entities
Cloud service providers hosting health data
Analytics companies processing health information
Any subcontractor with access to PHI

Note: HIPAA violations carry civil penalties up to $1.9 million per violation category per year, and criminal penalties including prison time for wilful neglect. The OCR has levied over $130 million in penalties since 2008.

Safeguard Categories

Three layers of PHI protection.

Administrative Safeguards

Policies, procedures, and workforce management that protect PHI.

Security Officer designation
Risk analysis and risk management
Workforce training and management
Contingency planning
Evaluation and audit controls

Physical Safeguards

Physical measures protecting electronic information systems and related equipment.

Facility access controls
Workstation use policies
Workstation security measures
Device and media controls
Data backup and storage policies

Technical Safeguards

Technology and policy controls that protect PHI and control access to it.

Access control and unique user identification
Emergency access procedures
Automatic logoff
Encryption and decryption
Audit logs and integrity controls

PHI Inventory Mapping

Automatically discover and classify where Protected Health Information resides across your systems and third-party relationships.

Business Associate Management

Track Business Associate Agreements (BAAs), monitor third-party compliance posture, and manage the full lifecycle of BA relationships.

Breach Detection & Response

Automated incident workflows with HIPAA-specific breach assessment logic to determine notification obligations under the Breach Notification Rule.

Risk Analysis Automation

The HIPAA Security Rule requires a current risk analysis. ONTRACE.AI keeps it current automatically — not just at the annual review.

Available Now

ISO 27001 mirrors HIPAA's safeguard structure.

HIPAA's administrative, physical, and technical safeguards map closely to ISO 27001's Annex A organisational, physical, and technological controls. Building an ISO 27001 ISMS now creates a foundation that substantially satisfies HIPAA's Security Rule requirements.

Join the Waitlist

HIPAA support arrives Q3 2026.
Get notified first.

Register your interest and we'll reach out the moment HIPAA compliance support is available on ONTRACE.AI.