HIPAA Compliance 101

In the United States, any business or organization that handles confidential healthcare data must be HIPAA-compliant. HIPAA compliance is a requirement set by the government to help mitigate cybercrime risk for personal health information.

Because of the value of sensitive personal information, healthcare is one of the industries most targeted by cybercriminals. According to Statista, over 35% of all data breaches from 2014-2019 occurred in the medical and health care sectors.

To protect your healthcare organization from costly data breaches and HIPAA violations, you'll need to understand which cybersecurity measures are required and work to implement them.

What is HIPAA?

HIPAA is short for the Health Insurance Portability and Accountability Act. It was enacted in 1996 and signed into law by President Bill Clinton. HIPAA was created primarily to modernize the flow of healthcare data.

The guidelines set out by HIPAA are designed to ensure that all people and organizations who have access to personal medical information handle it safely and securely.

The entities that must follow HIPAA rules include:

  • Health Plans. This sector includes health insurance companies, HMOs, and government programs such as Medicare and Medicaid.
  • Healthcare Providers. Any provider that processes electronic patient data, such as doctors and hospitals, must comply.
  • Healthcare Clearinghouses. Even nonstandard data, electronic or otherwise, must be handled properly.

Additionally, any business associates of these kinds of covered entities must also comply with HIPAA regulations.

Becoming HIPAA-compliant

If your business or organization must become HIPAA-compliant, there are several ways to go about it. It's possible to make the changes in-house, if your team has the necessary time and expertise, or you can have an IT services company do the work for you.


HIPAA rules and regulations are quite comprehensive and often complicated. However, if you have a thorough understanding of HIPAA and the technology you use, it’s possible to ensure compliance through your in-house team.

The first major consideration in this decision is whether your employees have enough time to dedicate to the project. Transitioning to HIPAA-compliant systems will take technicians away from the daily tasks already on their agendas.

The second consideration is technical know-how. Technology changes daily, and HIPAA regulations are also updated in response. Everyone who works on HIPAA compliance for your organization needs to be entirely up to speed with those changes.

Your IT staff will need to have a lot of specialty knowledge and the extra time to handle HIPAA compliance on top of their daily tasks. That is a difficult load to handle, especially for smaller organizations.


As an easier and more effective alternative to handling compliance yourself, you can outsource the work to an expert IT services company. Their technicians will be fully versed in HIPAA regulations and updates, and they can guarantee your compliance.

A managed IT services company will typically begin a project by analyzing the existing security of your network. They will then know exactly what your system needs to be fully secure, and they can implement those changes and monitor the network for any issues.

Outsourcing this work doesn't take any time away from your daily operations; in fact, it often makes life easier for your staff. It's a cost-effective way to fulfill your HIPAA obligations.


Cybercrime activity is showing no signs of diminishing, particularly in the healthcare industry. If your business deals with confidential patient information, the law says your organization needs to be HIPAA-compliant.

Reaching HIPAA compliance can be time-consuming for an in-house team; alternatively, you can use an experienced and qualified IT services company. This approach will save you resources while delivering fantastic results.

Chris Turn