HIPAA (Business Associate)
HIPAA business-associate control-mapping starter for service providers that handle PHI for covered entities. It references BAA and subcontractor duties and provides configurable gateway controls for access, auditing, and encryption; contractual and breach-response obligations require separate implementation.
This template is a configurable starting point and control mapping. It is not certification, legal advice, or a guarantee of compliance; validate it against your obligations and environment before use.
US
4 references
6 mapped domains
Clinical Zero-Retention, Private Cloud
Referenced Frameworks, Standards & Obligations
Mapped Control Domains
Deployment profiles
Get started in 3 steps
Open the template
Open the catalog entry in the Keeptrusts console and review its included controls, references, and deployment metadata.
Adapt the configuration
Use the template as a starting point, then adjust relevant policies, thresholds, routing, and review settings for your requirements.
Validate before rollout
Test every outcome you configure—such as allow, redact, block, or operator review—before deploying through a supported gateway workflow.
More Compliance & Audit templates
SOC 2 Type I
SOC 2 Type I template for point-in-time design effectiveness against the AICPA Trust Services Criteria.
SOC 2 Type II
SOC 2 Type II template for operating effectiveness across the AICPA Trust Services Criteria.
ISO/IEC 27001
ISO/IEC 27001 template for ISMS, supplier assurance, continuity, and cloud privacy controls.