§ Tag
HIPAA/HITRUST
HIPAA Security Rule, business-associate obligations, and HITRUST CSF — the US healthcare data-protection stack.
HIPAA compliance for SaaS: BAAs, safeguards, and the honest path
HIPAA compliance services for SaaS: what a BAA is, when you become a business associate, the minimum technical safeguards, and how SOC 2 maps to HIPAA.
HITRUST certification explained: e1, i1, r2, and the honest cost
HITRUST certification primer for SaaS founders: what the CSF is, the e1/i1/r2 levels, who issues the certificate, and how it maps to HIPAA and SOC 2.
Who the HIPAA Security Rule applies to
The HIPAA Security Rule applies to covered entities and business associates that create, receive, maintain, or transmit ePHI. Here is exactly who that is.