Is HIPAA International?

HIPAA is a concern for many businesses operating in the United States, but should it be a concern for international businesses? Does HIPAA apply internationally? Well, yes and no.

When Does HIPAA Apply Internationally?

HIPAA applies to international businesses under certain circumstances. Nothing in HIPAA limits its reach to U.S. territory; what matters is whose protected health information (PHI) you handle and on whose behalf, not where your servers or staff are located, and not the patient's nationality. When an organization operating outside the United States handles PHI for a HIPAA covered entity (a U.S. health plan, healthcare clearinghouse, or healthcare provider), or for one of that entity's business associates, HIPAA applies to that organization as well.

Let’s make this simple. 

If you create, receive, maintain, or transmit PHI on behalf of a covered entity (or on behalf of another business associate), you are a business associate under the HIPAA Rules and HIPAA applies to you directly, wherever you are located. Common examples of international businesses that are subject to HIPAA include software providers, call centers, and IT service providers.

Rules for HIPAA International Data Transfer

What are the rules for HIPAA international data transfer? HIPAA has no separate rule for cross-border transfers; the same HIPAA Security Rule applies. It requires organizations to ensure the confidentiality, integrity, and availability of electronic PHI (ePHI), so specific administrative, physical, and technical safeguards must be in place before PHI is moved to, or stored in, another country.

Before an international data transfer can occur, you must have a signed business associate agreement (BAA) in place with the covered entity or upstream business associate, and you must have implemented the Security Rule safeguards: encryption of PHI in transit and at rest, unique user authentication, access controls that limit PHI to the people and roles that need it, audit logs of who accessed PHI and when, and a tested contingency and disaster recovery plan. Encryption is formally an "addressable" specification under the Security Rule rather than a strict mandate, but PHI that is properly encrypted falls outside the Breach Notification Rule's definition of unsecured PHI, so for data crossing borders treat it as required.

HIPAA allows international organizations to handle PHI as long as they are HIPAA compliant; there is no data-localization requirement that keeps PHI inside the United States. This holds even when the international business never views the PHI and simply stores it, for example as an encrypted backup it has no key to decrypt: under HHS guidance it is still a business associate and must be HIPAA compliant.

Make Sure You’re HIPAA Compliant

If you work with U.S. healthcare organizations, chances are you need to be HIPAA compliant. We can help!

What Are HIPAA International Requirements?

