Industry TemplateIndustry-Specific

Healthcare (US — HIPAA)

US healthcare governance starter aligned to selected HIPAA Privacy and Security Rule requirements. Its configurable controls target Safe Harbor identifier categories, role-aware minimum-necessary handling, bulk PHI extraction, retention, and human review for clinical decision-support workflows.

This template is a configurable starting point and control mapping. It is not certification, legal advice, or a guarantee of compliance; validate it against your obligations and environment before use.

Regions

US

References

8 references

Mapped Control Domains

5 mapped domains

Deployment

Regulated SaaS, Clinical Zero-Retention

Referenced Frameworks, Standards & Obligations

HIPAA Privacy Rule (45 CFR §164.500-534)HIPAA Security Rule (45 CFR §164.302-318)HITECH Act (42 U.S.C. § 17901 et seq.)42 CFR Part 2 (Substance Use Disorder)HHS Guidance on AI in HealthcareONC Cures Act Final RuleCMS Interoperability RulesFDA Software as Medical Device (SaMD)

Mapped Control Domains

PHI Protection
Access Control
Audit Logging
Clinical Safety
Data Loss Prevention

Deployment profiles

Regulated SaaS
Clinical Zero-Retention

Get started in 3 steps

1

Open the template

Open the catalog entry in the Keeptrusts console and review its included controls, references, and deployment metadata.

2

Adapt the configuration

Use the template as a starting point, then adjust relevant policies, thresholds, routing, and review settings for your requirements.

3

Validate before rollout

Test every outcome you configure—such as allow, redact, block, or operator review—before deploying through a supported gateway workflow.