Get started on your path towards HIPAA compliance

HIPAA Compliance Solutions

Learn about HIPAA compliance solutions for covered entities and business associates.

Healthcare Administration Staff Work to Meet HIPAA Law.

What Are Your HIPAA Compliance Requirements?

You may have worked with companies that promise solutions, but fail to deliver. SecurityMetrics helps you identify which HIPAA requirements apply to your organization and guides you through HIPAA compliance. SecurityMetrics' unmatched support helps you every step of the way on your path towards HIPAA compliance. When you partner with SecurityMetrics, you will love our detailed work and world-class support.


Award-Winning HIPAA Support

HIPAA compliance absorbs time, personnel, and other valuable resources from your organization. SecurityMetrics provides easy-to-implement, comprehensive security services in a timely, accurate, and headache-free solution to HIPAA Security.

Guided HIPAA Compliance

Stop wondering if your compliance efforts are going to waste. SecurityMetrics guides you down a path to compliance and provides peace of mind in knowing you have taken the appropriate steps to protect your patients and organization from data compromise.

Lasting Data Security

Our solutions not only simplify your compliance efforts today, but also provide the resources and education needed to create lasting data security protection for tomorrow.

Automating HIPAA Compliance

Without proper support, even the best security tools will do little to protect your patient data. SecurityMetrics combines innovative data security tools with award-winning customer support to help guide your organization to compliance and maximize the security benefits of your HIPAA efforts.

A Partner You Can Trust

Healthcare experts shouldn't have to be security experts. Over the past decade we've has helped more than one million organizations secure data and comply with various mandates. When you partner with SecurityMetrics, you have confidence that a solution to your compliance problems is never more than a phone call away.

What Does HIPAA Stand For?

HIPAA stands for Health Insurance Portability and Accountability Act. It was formed in 1996 and, among other things, protects patient health information. 


Who must be HIPAA compliant?             

The HIPAA Rules apply to two groups: covered entities and business associates. A covered entity is a health plan, health care clearinghouse or health care provider who electronically transmit any health information. Examples of covered entities are:

  • Doctors
  • Dentists
  • Pharmacies
  • Health insurance companies
  • Company health plans

A business associate is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity. Examples of business associates (whose services involve access to PHI) are:

  • CPA
  • Attorney
  • IT providers
  • Billing and coding services
  • Laboratories

For more detailed information on the definition of a covered entity and businesses associate visit The Department of Health and Human Services (HHS) website.


HIPAA Privacy Rule             

The HIPAA Privacy Rule provides federal protections for personal health information and gives patients rights to their own protected health information (PHI). The Privacy Rule permits the disclosure of PHI needed for patient care and other important purposes. The Privacy Rule applies to all healthcare providers, including those who do not use an Electronic Health Record (EHR) system, and includes all mediums: electronic, paper, and oral.

Privacy Rule Basics:

  • Spells out administrative responsibilities
  • Discusses written agreements between covered entities and business associates
  • Discusses the need for privacy policies and procedures
  • Describes employer responsibilities to train workforce members and implement requirements regarding their use and disclosure of PHI.

Privacy Rule Examples

  • Train all employees on its privacy policies and procedures
  • Properly dispose of documents containing protected health information
  • Secure medical records with lock and key or pass code
  • Create procedure for individuals to know to whom they can submit a complaint about a covered entity's compliance with the Privacy Rule


HIPAA Security Rule             

The HIPAA Security Rule requires covered entities, business associates, and their subcontractors to become HIPAA compliant by implementing safeguards to protect electronic protected health information (ePHI) that is created, received, or maintained. It specifies a series of administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of ePHI. Most violations of the HIPAA Security Rule result from businesses not following policies and procedures to safeguard ePHI, thus preventing them from becoming HIPAA compliant.

Security Rule Basics:

  • Establish a national set of security standards for ePHI
  • Protects health information held or transmitted in electronic form
  • Requires administrative, physical, and technical safeguards to secure ePHI
  • Supports the Privacy Rule requirement to reasonably safeguard PHI in all forms
HIPAA/HIPAA Small Practices/blue-bg-lock

Security Rule Examples:

  • Designate a security officer who is responsible for compliance
  • Create policies and procedures that explain proper use of workstations and electronic media
  • Ensure all employees have unique passwords
  • Limit physical access to covered entity's facilities

Related Links

  • Guide SecurityMetrics Guide to HIPAA Compliance

    We intend our guide to be a “deskside” reference for the day-to-day and recurring demands of HIPAA compliance. It’s meant to strike a balance between generally informative and specifically practical. Those who use our guide report that it is “thorough and detailed-oriented. Very helpful.”

  • Webinar How To Prepare For A HIPAA Audit

    A HIPAA compliance audit is one way to fill holes that lead hackers to your patient data. In this webinar, we'll discuss the steps to prepare for a HIPAA audit.

  • Resource Center Threat Intelligence Center Feed

    SecurityMetrics Threat Intelligence Center analysts monitor current cybercriminal trends to give you weekly news reports and trending threat insights straight to your inbox, including: bi-monthly cybersecurity video-podcast, current data breaches, cybersecurity news, and technical advice to keep your system hacker-free.

  • Academy SecurityMetrics Academy

    Academy contains videos, quizzes, and external resources on topics like security policies and encryption. Our intent is to help SMBs like franchisees, small merchants, and healthcare practices address specific cybersecurity risks businesses may face.

  • Podcast SecurityMetrics Podcast

    This podcast is intended to help businesses of all sizes as well as individuals–whether security professionals or not. We want to break security concepts down well enough that anyone can understand the top cybersecurity threats and how to deal with them.

  • Guide SecurityMetrics Guide to PCI DSS Compliance

    The SecurityMetrics Guide to PCI DSS Compliance will help you understand current PCI requirements and trends, so that you can better protect data from inevitable future attacks.

Let Us Help You Start HIPAA Compliance

Let Us Help You Start HIPAA Compliance

We've helped over 800,000 businesses with data security and compliance