We provide support to healthcare provider while accessing server and clients.
The healthcare server DB stores ePHI (Only medical record number).
As part of our support we are potentially exposed to the mentioned ePHI.
We do not extract ePHI nor download locally.
The question is:
Do we need to be HIPPA compliant?