HDS compliance-matrix

Health Data Safe — compliance matrix

How HDS is compliant, and what an organisation building on HDS must still do themselves. Each requirement is read across three layers.

Pryv platform: what the open-pryv.io software does (inherited)
HDS: what HDS-as-operator + the app stack adds
Implementer: what's on your plate, per persona (+ agreements to sign)

6 scopes · 227 requirements · 4 agreement templates

General Data Protection Regulation GDPR

regulation · EU + EEA (extraterritorial via Art. 3) CH US · 47 requirements

HIPAA Breach Notification Rule HIPAA-Breach

regulation · US US · 13 requirements

HIPAA Privacy Rule HIPAA-Privacy

regulation · US US · 35 requirements

HIPAA Security Rule HIPAA-Security

regulation · US US · 41 requirements

SOC 2 — AICPA Trust Services Criteria (Security, Availability, Confidentiality, Processing Integrity, Privacy) SOC 2

standard · United States (AICPA) US CH · 61 requirements

Swiss Federal Act on Data Protection (revised FADP / nLPD) Swiss nLPD

regulation · Switzerland (extraterritorial via Art. 3 for processing affecting CH) CH · 30 requirements