
HIPAA
Health Insurance Portability and Accountability Act for healthcare data privacy and security.
Overview
The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. law that establishes national standards for the protection of sensitive patient health information.
HIPAA requires healthcare organizations and their business associates to implement administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of protected health information (PHI).
The law includes the Privacy Rule, Security Rule, and Breach Notification Rule, and is enforced by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR).
Key Requirements
- Implement administrative, physical, and technical safeguards for PHI
- Develop and enforce privacy and security policies and procedures
- Conduct regular risk assessments and workforce training
- Control access to PHI and monitor system activity
- Ensure secure transmission and storage of PHI
- Maintain breach notification and incident response processes
- Manage business associate agreements and third-party risk
Frequently Asked Questions
- Governing Body:
- U.S. Department of Health and Human Services (HHS)
- Current Version:
- HIPAA Omnibus Rule (2013)
- Key Rules:
- Privacy Rule, Security Rule, Breach Notification Rule
- Scope:
- Covered entities and business associates handling PHI
- Enforcement:
- HHS Office for Civil Rights (OCR)
- Healthcare providers (hospitals, clinics, physicians)
- Health plans and health insurance companies
- Healthcare clearinghouses
- Business associates handling PHI on behalf of covered entities
- Technology vendors serving the healthcare industry
HIPAA Risk Assessment
Comprehensive evaluation of your organization's compliance with HIPAA requirements and identification of gaps.
Policy and Procedure Development
Creation of tailored privacy and security policies and procedures for HIPAA compliance.
Workforce Training and Awareness
Staff training programs to ensure understanding and adherence to HIPAA requirements.
Business Associate Management
Support for managing business associate agreements and third-party risk.
Incident Response and Breach Notification Planning
Development of incident response and breach notification processes in line with HIPAA rules.
How Much Will HIPAA Cost You?
Estimate your SRA, safeguard implementation, and ongoing compliance program costs. Answer 7 questions, get an instant estimate.
Related Resources
Tools, templates, and articles for HIPAA compliance

Cost Calculator
HIPAA Cost Calculator
Estimate your HIPAA compliance costs based on organization type, data volume, and current controls.

TPRM Guide
AI-Powered TPRM with Claude Skills and CISO Assistant
A practical playbook for building continuous third-party risk management using Claude skills, MCP, and the open-source CISO Assistant platform.

Security Operations
Operationalizing Adversarial Control Validation
How to turn adversarial control validation into a continuous capability with metrics, POA&M integration, and a maturity model.