How Do You Become HIPAA Compliant?

Do you need to be HIPAA compliant?

If your application handles protected health information (PHI) then you need to be HIPAA compliant. As we wrote in last week’s post, violating HIPAA can be costly and can result in civil and criminal penalties.

The HIPAA rules apply to both Covered Entities and Business Associates.Covered entities are anyone who provides treatment, payment and operations in healthcare, including companies and organizations such as: doctor’s offices, dental offices, clinics, psychologists, health plans, insurance companies, HMOs and more.Business associates is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity.

How do you become HIPAA compliant?

The HIPAA Security Rule requires appropriate Administrative, Physical, and Technical Safeguards to ensure the confidentiality, integrity, and security of protected health information (PHI).

In order to meet HIPAA compliance software requirements you need to ensure you’re meeting the four main requirements of the HIPAA law:

You must put safeguards in place to protect patient health information.
Reasonably limit use and sharing of protected health information to the minimum necessary to accomplish your intended purpose.
Have agreements in place with service providers that perform covered functions. These agreements, called Business Associate Agreements (BAAs) ensure that service providers (Business Associates) use, safeguard and disclose patient information properly.
Procedures to limit who can access patient health information, and training programs about how to protect patient health information.

Can I get a HIPAA compliance certificate?

There is no official body that offers HIPAA Compliance Certification; in fact, the Department of Health and Human Services (HHS) is the federal governing body that oversees HIPAA compliance. does not endorse or recognize the “HIPAA Compliance Certifications” made by private organizations.

However, the evaluation standard in the Security Rule § 164.308(a)(8) requires you to perform a periodic technical and non-technical evaluation to make sure your security policies and procedures meet security requirements. But, HHS doesn’t care if the evaluation is performed internally or by an external organization.

In short, it’s up to you to determine if your administrative, technical, and physical safeguards meet HIPAA compliance requirements.

Read our whitepapers: Maintaining HIPAA Compliance in a Mobile World and 10 Enterprise Security Best Practices.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Do you need to be HIPAA compliant?

How do you become HIPAA compliant?

Can I get a HIPAA compliance certificate?

Products

About

RESOURCES

Developer APIs & Docs

Contact Us

FIND US HERE

Solutions

Verticals

Blog

Customers