HIPAA · Preparation Kit

HIPAA Readiness for Vietnamese HealthTech

HIPAA preparation materials for Vietnamese HealthTech, from identifying PHI, signing BAAs, to building Technical Safeguards. For companies targeting the US market.

Get pTrackly support →

1. Identify PHI and Business Associate status

  • 18 PHI identifiers: name, DOB, address, phone, email, medical record number...
  • Determine: are you a Covered Entity or Business Associate?
  • Map data flows, which systems does PHI pass through?
  • Identify all Business Associates requiring BAAs

2. Business Associate Agreements (BAA)

  • Sign BAA with AWS/GCP/Azure if PHI stored there
  • BAA with email provider, support tools, analytics if they access PHI
  • BAA template: must include use limitation, security, breach reporting clauses
  • Track all signed BAAs and expiry dates

3. Technical Safeguards

  • Access Control: unique user IDs, automatic logoff, encryption
  • Audit Controls: log PHI access (who, when, what)
  • Integrity: verify PHI is not altered or destroyed
  • Transmission Security: encrypt PHI in transit (TLS 1.2+)
  • Encryption at rest for all PHI storage

4. Administrative Safeguards

  • Designate Privacy Officer and Security Officer
  • Mandatory HIPAA training for all workforce
  • Contingency Plan: backup, disaster recovery, emergency access
  • Sanction Policy: handle staff HIPAA violations
  • Risk Analysis and Risk Management mandatory

5. Breach Notification

  • Threshold: impermissible use/disclosure of PHI is a breach (unless passing 3-part test)
  • Notify individuals: 60 days after discovery
  • Notify HHS: within 60 days (>500 persons) or annual report (<500)
  • Notify media if >500 persons in same state

pTrackly helps you implement HIPAA faster with ready-made templates and automated evidence collection.

Get Free Demo

Ready to get audit-ready?

Book a 15-minute call. See the platform. Decide if it fits.

Book Free Demo 15 min, no commitment
No credit card required Setup in 24 hours Cancel anytime
Book a Demo