
HIPAA (Business Associate)

HIPAA compliance for business associates handling PHI on behalf of covered entities. Covers BAA requirements, PHI protection, subcontractor management, breach notification (HITECH Act § 13401), and detailed audit logging. Essential for health-tech vendors and service providers.

Regions

US

Regulations

4 covered

Control Domains

7 domains

Deployment

Clinical Zero-Retention, Private Cloud

Regulations & Standards

HIPAA Privacy Rule (45 CFR 164)
HIPAA Security Rule
45 CFR 160/164
HITECH Act § 13401

Control Domains

PHI Protection
Data Processing Agreements
Incident Response
Access Control
Data Encryption
Audit Logging
Subprocessor Management

Deployment Options

Clinical Zero-Retention
Private Cloud

Get started in 3 steps

1. Explore the template

Click "Explore in Console" to open this template in the Keeptrusts configuration editor.

2. Customize policies

Adjust detection thresholds, escalation rules, and redaction patterns to match your requirements.

3. Deploy to your gateway

Save your configuration and deploy it to any Keeptrusts gateway — cloud, on-prem, or air-gapped.