The Health Insurance Portability and Accountability Act (HIPAA) is United States federal legislation, enacted in 1996, that sets requirements for the privacy and security of individually identifiable health information. Compliance is mandatory for covered entities operating in the US (health plans, healthcare clearinghouses and most healthcare providers) and for the business associates that handle protected health information on their behalf. Kratikal has worked with many clients to remediate their HIPAA compliance gaps.

We specialise in HIPAA-compliant cloud containers, data centres and identity management systems. We start by identifying e-PHI (electronic Protected Health Information) in the infrastructure, followed by risk assessment, vulnerability assessment, gap analysis and relevant recommendations. We also plan rigorous training for internal auditors, data protection officers and management-level reviewers so that they can uphold HIPAA compliance requirements.


There are primarily five stages, and each stage can have several sub-stages:

Stage I: Scope Determination
We list the assets or network segments in scope. We study the business processes and the e-PHI assets, including where e-PHI is stored and how it is exchanged. We then list the vulnerabilities in the mechanisms that handle and store e-PHI.

Stage II: Gap Analysis
We perform a detailed assessment of the shortcomings of the current state of IT assets against the requirements of the HIPAA Security and Privacy Rules and against industry best practices.

Stage III: Implementation
This stage aligns the current processes that handle e-PHI with HIPAA requirements. We implement the necessary administrative, physical and technical safeguards and modify current information-flow processes to improve the organisation's security posture. HIPAA is primarily concerned with the security and privacy of patients' e-PHI, and that is the focus of Kratikal's HIPAA compliance work.

Stage IV: Internal Audit
In this stage, we perform a checklist-oriented audit to verify adherence to the suggested controls and their implementation. This helps us rectify process oversights and enforce employee-level controls where needed. We recommend changes to organisational policies and access control mechanisms.

Stage V: Certification
The certification assessment is carried out by independent auditors, not by the implementers; we bring in the auditor for this step. Note that the US Department of Health and Human Services does not issue or endorse an official HIPAA certification, so a third-party certificate attests to the auditor's assessment of your controls rather than to regulatory approval. In this way we take care of the end-to-end process, from scope determination to certification, making the whole process easy for the client.

The exact duration of the process varies with the number of employees, the scale of the organisation, its IT assets and its geographical spread.

For more details, drop a mail to sales@kratikal.com. Our customer facilitators will call you back.


Secure and confidential storage of patients' data.

Better coordination of healthcare data thanks to standardised data formats.

Do away with health plan–specific reporting and filing requirements for hospitals and health care providers.

Less paper involved in managing healthcare records.

Avoid sanctions for improper handling of data records and for data breaches.