What is HIPAA?

HIPAA stands for Health Insurance Portability and Accountability Act. The purpose of this act is to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.

Who Must Comply With HIPAA?

HIPAA applies to any organization that handles personal data concerning health, such as treatment providers (e.g., dentist or physician offices, outpatient clinics, imaging centers, hospitals, urgent care centers), insurance companies, health research facilities, and other facilities that deliver health care and/or otherwise collect data concerning health.

What Are The Requirements of HIPAA?

Generally, companies should ensure the confidentiality, integrity, and availability of all electronic Personal Health Information (e-PHI). They must identify and protect against reasonably anticipated threats to the security of the information, protect against reasonably anticipated impermissible uses or disclosures, and ensure compliance by their workforce.

HHS, which administers HIPAA, recognizes that covered organizations range from small to large businesses and therefore leaves each organization to decide which solutions are appropriate for it. Some recommended processes, procedures, and controls to implement are:

  • Regular risk analyses to:
    • Evaluate the likelihood and impact of potential risks to e-PHI.
    • Implement appropriate security measures to address the risks identified.
    • Document the chosen security measures and, where required, the rationale for adopting those measures.
    • Maintain continuous, reasonable, and appropriate security protections.
  • Designate a security official who is responsible for developing and implementing the organization's security policies and procedures.
  • Policies and procedures for authorizing access to e-PHI only when appropriate based on the user's or the recipient's role.
  • Provide appropriate training, authorization, supervision, and discipline of workforce members who work with e-PHI.
  • Limit physical access to facilities while ensuring authorized access is allowed.
  • Policies and procedures to specify proper access, use, transfer, and disposal of workstations and electronic media.
  • Technical policies and procedures that allow only authorized personnel to access e-PHI.
  • Hardware, software, and/or procedural mechanisms to record and examine access and other activity in systems that contain e-PHI.
  • Processes and procedures to ensure e-PHI is not improperly altered or destroyed.
  • Technical security measures to guard against unauthorized access to e-PHI transmitted over a network.

How to start with HIPAA

To get started with HIPAA compliance, first assign a designated security official who will be responsible for developing and implementing HIPAA security policies and procedures. Once your processes and procedures are determined, begin training your staff while arranging for a risk analysis to identify any potential issues.

If you have further questions regarding HIPAA or need help with your compliance setup, don't hesitate to contact us below. Our HIPAA Consulting Services will set you up with an experienced HIPAA compliance professional who can help guide your organization toward compliance.

Gain Compliance With Red Lion HIPAA Consulting Services

Do you still have questions regarding HIPAA? Our HIPAA consulting professionals can help you to understand and comply with HIPAA, regardless of complexity.

Contact Us Today
