The US Health Insurance Portability and Accountability Act of 1996 (HIPAA) established data security and privacy requirements for the storing and processing of protected health information (PHI and e-PHI). Entities that are subject to HIPAA must implement a set of technical, administrative, and physical controls outlined in the HIPAA Security Rule, which are designed to secure this protected health information. It is important to note that there is no certification recognized by the US HHS for HIPAA compliance and that complying with HIPAA is a shared responsibility between the customer and HCL SW. To demonstrate compliance to HIPAA rules, HCL SW engaged a third-party assessor to validate compliance with the HIPAA Security Rule.