I work for an IT Solutions company and we currently do not have any healthcare contracts. My HR Director just called me and told me that we are required to be HIPAA compliant due to one of our health insurance plans.
Is anyone else in the U.S. running into this? I worked in healthcare for 7 years and most of our security policies are following industry best practices. But still, this came as a shock to me. My company has nothing to do with healthcare other than the fact that, like almost every other company, we offer our employees health insurance.