


HIPAA: What is it?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA. The HIPAA Security Rule protects a subset of information covered by the Privacy Rule.

HIPAA Privacy Rule

The Privacy Rule standards address the use and disclosure of individuals’ health information (known as “protected health information”) by entities subject to the Privacy Rule.







These individuals and organizations are called “covered entities.” The Privacy Rule also contains standards for individuals’ rights to understand and control how their health information is used. A major goal of the Privacy Rule is to ensure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high-quality health care and to protect the public’s health and well-being. The Privacy Rule strikes a balance that permits important uses of information while protecting the privacy of people who seek care and healing.

Our approach

Insight. Creativity. Technology.

Proven methods applied in a consistent manner to help achieve security through compliance.

Save Time

We carefully assess your current environment to determine the level of effort and timeline for your HIPAA compliance journey.

Concentrate on Business

We work with you on the best path of implementation to obtain your HIPAA compliance.

Enhanced security

We work with you on the best path of implementation to maintain your HIPAA compliance.


Main areas of focus: Technical, Physical, Administrative


Individual controls

6-8 months

Avg. time to become HIPAA compliant


Fine per incident

HIPAA Compliance Process


Here we determine what portions of your business should be included in the HIPAA compliance assessment. This is also where we help you determine where data is located and any additional items that may need to be assessed.


Here we learn about your existing information security posture and determine the gap between your current state and achieving HIPAA compliance.


Here, we determine where your organization’s information security risks are greater than your risk appetite and develop a Risk Remediation plan to address them.


Once we have established that the HIPAA requirements are being met, an independent review is conducted to ensure the completeness and accuracy of the project.

Frequently Asked Questions

The HIPAA rules apply to both Covered Entities and their Business Associates.

According to the U.S. Department of Health & Human Services (HHS), Healthcare Providers, Health Plans, and Healthcare Clearinghouses are all Covered Entities. Hospitals, doctors, clinics, psychologists, dentists, chiropractors, nursing homes, and pharmacies are considered Healthcare Providers and need to be HIPAA compliant.

A Business Associate is any entity that uses or discloses PHI on behalf of a Covered Entity. Furthermore, a Business Associate is any person who, on behalf of a Covered Entity, performs (or assists in the performance of) a function or activity involving the use or disclosure of PHI.


Simply put, a Business Associate is a vendor or subcontractor who has access to PHI.


Here are some examples of potential Business Associates:

  • Data processing firms or software companies that may be exposed to or use PHI
  • Medical equipment service companies handling equipment that holds PHI
  • Shredding and/or documentation storage companies
  • Consultants hired to conduct audits, perform coding reviews, etc.
  • Lawyers
  • External auditors or accountants
  • Professional translator services
  • Answering services
  • Accreditation agencies
  • e-prescribing services
  • Medical transcription services



Let's talk about how we can help.