CertRadar

Compliance evidence

HIPAA — domain & certificate controls

Any US organization that creates, receives, maintains, or transmits electronic protected health information (ePHI) — and their business associates.

Authority: US Department of Health and Human Services (HHS)

What HIPAA actually requires

HIPAA's Security Rule (45 CFR §§ 164.302-318) requires administrative, physical, and technical safeguards for ePHI. Transmission security is explicit in § 164.312(e)(1)(B), and integrity controls per § 164.312(c)(1) implicitly rely on valid, trusted TLS to prevent tampering in transit.

Full name: HIPAA Security Rule (Health Insurance Portability and Accountability Act).

Controls that touch certificates and domains

These are the 3 controls most directly affected by TLS certificate and domain lifecycle. CertRadar produces evidence bundles mapped to each.

Control | Title | How CertRadar helps
164.312(e)(1) | Transmission Security | Required safeguard: implement technical security measures to guard against unauthorized access to ePHI transmitted over an electronic communications network — current, trusted TLS certificates are the standard implementation.
164.312(e)(2)(ii) | Encryption (addressable) | Implement a mechanism to encrypt ePHI whenever deemed appropriate — monitored TLS certificates are one such mechanism.
164.308(a)(1)(ii)(A) | Risk Analysis | Ongoing identification of vulnerabilities — expired or weak certificates are named vulnerabilities in NIST guidance.

What the evidence pack contains

CertRadar’s one-click export for HIPAA includes:

Example domains in HIPAA scope

Representative domains often monitored for HIPAA evidence. Check any of them live:

Ship the HIPAA evidence your auditor asks for.

CertRadar gives security, IT, and compliance teams a complete inventory of every domain and cert your company owns — plus a one-click evidence pack mapped to HIPAA controls. Beta in weeks. Early members get a lifetime Pro discount.
