Whistic Updates HIPAA to Include Scoring

April 14, 2022

The Health Insurance Portability and Accountability Act of 1996, or HIPAA, is a series of regulatory standards that outline the lawful use and disclosure of protected health information (PHI). HIPAA compliance is regulated by the Department of Health and Human Services (HHS) and enforced by the Office for Civil Rights (OCR).

The content and language have not changed; however, the format and structure have been updated, and the Questionnaire can now be scored. Scoring is binary, which means the vendor gets “credit” for an answer that is compliant and “no credit” for an answer that is considered “non-compliant”. All questions are weighted equally within the standard; however, when reviewing a completed Questionnaire, you can adjust the weight of a question based on the vendor's responses or commentary and unique risk tolerances.
