← View all articles

Quick Guide to HIPAA

Selin Kocalar
2 min read • Feb 9th, 2024

Almost all companies that process health data in the US need to become HIPAA compliant. Here’s the 2-minute breakdown of what HIPAA is, how to get compliant, and key tips and tricks.

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) outlines how sensitive patient health information (PHI) should be handled in the US.

HIPAA applies to you if:

Exceptions:

OR

Consequences of not being HIPAA compliant:

If you get caught for not complying, you could face serious consequences:

→ You could get fined (up to $1.5M/year)

→ You could be personally liable (criminally punishable)

→ You could lose your business license

HIPAA is enforced by the Office for Civil Rights (OCR) of the US Department of Health and Human Services (HHS). The Federal Trade Commission (FTC) also enforces good security practices and can prosecute companies that don’t have them in place.

Pros and cons of being HIPAA compliant

Pros

Cons

What’s required for HIPAA compliance?

To get HIPAA compliant, you must ensure that you are covered on both a technical and administrative level. On a high level, here are the requirements for compliance:

Technical

Configure infrastructure that follows 2 core principles:

Implement logging

Monitor your infrastructure

Administrative

Implement legal policies

Establish company protocols for questions like:

Continually manage and assess compliance

What compliance solutions are available?

Instead of doing things from scratch (risky, time-consuming, and expensive) we recommend checking out the solutions below: 

For technical tasks: Aptible, Porter, etc.

For administrative tasks: Vanta, Drata, Secureframe, Sprinto, etc.

For BOTH technical & administrative tasks: Delve

Insider tips & tricks on HIPAA compliance

Who are we?

We’re Selin and Karun and we’re fast tracking companies to HIPAA compliance! Feel free to reach us at [email protected] or book a demo.