Neither HIPAA nor its amendment (HITECH) has an official compliance certification from its governing body. Most organizations demonstrate HIPAA compliance by including HIPAA policies and evidence in annual third-party assessments against a related standard that does have an official certification. For example, Microsoft Azure includes HIPAA policies in its annual ISO 27001 audit, and AWS includes HIPAA policies in its annual FedRAMP (NIST 800-53) assessment. For the latter, NIST 800-66 provides guidance on how to map HIPAA controls to NIST 800-53 controls. Tioga Security manages HIPAA policies through the ISMScloud.
HITRUST is an emerging standard for the healthcare industry that incorporates HIPAA requirements in a more prescriptive manner. Like ISO 27001 and FedRAMP, HITRUST certifies third-party auditors, who can then grant an official certification of compliance to an organization. In addition to third-party certifications, HITRUST offers self-assessments that can be used to verify compliance with those standards.
The newly instituted GDPR (General Data Protection Regulation) requires businesses to protect personal data and privacy for electronic transactions that occur within the European Union. Using the ISMScloud, Tioga Security does the heavy lifting by compiling all of the controls for the regulation in one easy-to-access tool to help companies maintain compliance.