Comment by morpheuskafka
3 hours ago
But there are no auditors required for HIPAA. Only the government (HHS OCR) itself can enforce the standards.
Thanks for the clarification; in that case the text is indeed really weak. Does that system work in practice, or are companies just claiming they are HIPAA compliant with close to no actual auditing mechanism?
You get that the technical controls in SOC2 are also extremely weak, right?
Sure, yes. The way I understand it, SOC2 relies on the auditors to set the effective standard. So it really depends on who audited you.