Canonical FrameworkCompliance & Audit

HIPAA (Covered Entity)

HIPAA covered-entity control-mapping starter for providers, plans, and clearinghouses processing PHI. It provides configurable gateway controls and evidence fields related to minimum-necessary use, access, audit, and transmission security; administrative, physical, and breach-response duties require separate implementation.

This template is a configurable starting point and control mapping. It is not certification, legal advice, or a guarantee of compliance; validate it against your obligations and environment before use.

Regions

US

References

5 references

Mapped Control Domains

6 mapped domains

Deployment

Clinical Zero-Retention, Private Cloud

Referenced Frameworks, Standards & Obligations

HIPAA Privacy Rule (45 CFR Part 164 Subpart E)HIPAA Security Rule (45 CFR Part 164 Subpart C)45 CFR Parts 160 and 164HITECH ActHHS Breach Notification Rule (45 CFR Part 164 Subpart D)

Mapped Control Domains

PHI Protection
Access Control
Audit Logging
Breach Notification
Data Encryption
Incident Response

Deployment profiles

Clinical Zero-Retention
Private Cloud

Get started in 3 steps

1

Open the template

Open the catalog entry in the Keeptrusts console and review its included controls, references, and deployment metadata.

2

Adapt the configuration

Use the template as a starting point, then adjust relevant policies, thresholds, routing, and review settings for your requirements.

3

Validate before rollout

Test every outcome you configure—such as allow, redact, block, or operator review—before deploying through a supported gateway workflow.