• Blog
  • Services
    • PHIshMD Ongoing Training
    • HIPAA Compliance
    • Discover Vulnerabilities to Patient PHI
  • Store
    • HIPAA Secure Now Service Store
  • Contact Us
    • Sales Inquiry
    • Customer Support
  • Resources
    • Free Healthcare Security Check Up Quiz
    • HIPAA Compliance Requirements | A Guide
    • Webinars & Downloadable Content
    • Use our free Breach Cost Calculator
    • HIPAA Secured Seal
    • In-Email Training & Analysis | Catch Phish

Call us at: 877-275-4545


from complex, to straightforward

HIPAA Compliance Requirements


What is all this "HIPAA" Stuff About Anyway?

Technology has made our lives easier. From accessing data from anywhere to saving paper and increasing efficiency, technology shows no signs of slowing down. Neither do the cybercriminals who seek out that data for their own monetary gain. HIPAA was created, in part, to protect confidential patient data.

HIPAA stands for the Health Insurance Portability and Accountability Act. Its Administrative Simplification regulations are best known for two rules, the HIPAA Privacy Rule and the HIPAA Security Rule (the Breach Notification Rule sits alongside them). These federal regulations apply to all covered entities and, where applicable, their business associates that create, receive, maintain or transmit protected health information (PHI).

The Privacy and Security Rules give patients specific rights over their protected health information (PHI) and set requirements for protecting that data. Cybercrime affects every industry, but health records fetch a significantly higher price than most other personal data, which makes these protections critical.

Perfect compliance is hard to reach. There will always be vulnerabilities an organization can improve on; what matters is a demonstrated, ongoing effort. Steady progress on reducing organizational risk and a conscious effort to protect patient rights go a long way toward demonstrating a culture of compliance.

What is Protected Health Information?

According to the Department of Health and Human Services, "The Privacy Rule defines PHI as individually identifiable health information, held or maintained by a covered entity or its business associates acting for the covered entity, that is transmitted or maintained in any form or medium. This includes identifiable demographic and other information relating to the past, present, or future physical or mental health or condition of an individual, or the provision or payment of health care to an individual that is created or received by a health care provider, health plan, employer, or health care clearinghouse."

Meeting Your HIPAA Compliance Requirements Has Never Been Easier

Live in-portal work plan

Included with our in-depth Risk Assessment is a work plan, accessible from inside the compliance portal, allowing you to update your progress as you implement recommendations, in real-time!

side-by-side help

With our HIPAA Premier Service you receive two 1-hour consultations with one of our HIPAA experts. From walking you through the Security Risk Assessment to going through your provided work plan, we'll be by your side.

NIST standards

Our detailed Risk Assessment follows the risk assessment methodology described in NIST Special Publication (SP) 800-30 Revision 1, which rates each identified threat by its likelihood and its impact to arrive at a level of risk.

Executive Summary Report

Our Executive Summary Report breaks down your Risk Assessment findings by whether the affected implementation specification is Required (R) or Addressable (A), helping you prioritize your initiatives. Note that "addressable" does not mean optional: under 45 C.F.R. § 164.306(d)(3), an addressable specification must be implemented if it is reasonable and appropriate; if it is not, the reason must be documented and an equivalent alternative measure implemented where reasonable and appropriate.

HIPAA Compliance Requirements, Simplified

Available for Covered Entities and Business Associates, each of our complete compliance solutions covers the HIPAA compliance basics required annually, through our easy-to-use compliance portal. Navigate the features below to learn more about the federal HIPAA compliance requirements, why they're so important, and how we can help!

  • Privacy & Security Training
  • HIPAA Risk Assessment
  • Policies & Procedures

HIPAA Privacy & Security Training

Requirement: HIPAA Security Rule § 164.308(a)(5)(i) requires every covered entity and business associate to “Implement a security awareness and training program for all members of its workforce (including management).”

Why Training? Security awareness training is a HIPAA requirement, but its importance extends far beyond “checking a box” on your compliance journey. Healthcare is a prime target for cybercriminals: medical data sells at a premium on the dark web, systems are often outdated, and the work environment is fast-paced. The HIPAA Rules have not kept pace with that threat landscape, and attackers grow more sophisticated every day, so security awareness training must go beyond HIPAA to cover critical cybersecurity topics. The good news? Our training programs cover both!

Our Core Annual Training: We offer an annual, engaging, case-study based HIPAA Privacy & Security Training course included in our HIPAA Essential Service, HIPAA Premier Service, and PHIshMD Cybersecurity Program. Here's an overview of the core annual training course:

  • Topics include: HIPAA basics, the HIPAA Security and Privacy Rule, phishing, encryption, password security, breach response, patient rights, the use and disclosure of ePHI and more
  • 100% virtual - stop and start anytime for ultimate convenience
  • A Manager training course is available for a deeper dive into core HIPAA topics
  • Printable certificate of completion for scores of 80% or above
  • Documentation kept safely in your portal for ongoing record management
  • Annual updates to keep content fresh and relevant

Our PHIshMD Advanced Training: We also offer ongoing cybersecurity services through our PHIshMD add-on!  In addition to the Core Annual Training, users will receive ongoing cybersecurity education and monitoring to put proactive cybersecurity practices into place to better protect your business, your employees, and your data.

  • Short, weekly security videos & quizzes keep security top-of-mind
  • Simulated phishing educates and tests users on identifying email phishing risks
  • Catch Phish email plug-in gives employees advanced training functionality inside Outlook
  • Dark web monitoring identifies your organization's compromised accounts and credentials
  • Employee Vulnerability Assessment (EVA) calculates each employee's risk-level based on their cybersecurity performance to simplify management and gamify participation

HIPAA Security Risk Assessment (SRA)

Requirement: The Security Management Process standard in the Security Rule requires organizations to “Implement policies and procedures to prevent, detect, contain, and correct security violations.” (45 C.F.R. § 164.308(a)(1).) Risk analysis is one of four required implementation specifications that provide instructions to implement the Security Management Process standard. Section 164.308(a)(1)(ii)(A) states:

RISK ANALYSIS (Required)

Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (ePHI) held by the [organization].

Why a Security Risk Assessment? To work towards compliance and mitigate any risks that your organization may face, the first step is to assess your current state of security and identify any security gaps that may be present. This is done through a Security Risk Assessment (SRA), which is required by HIPAA. It's important to note that the SRA process doesn't end after your initial SRA. Compliance is ongoing, meaning it's something you're continuously working towards, and your SRA is a key component of your journey.

Our Annual HIPAA SRA: Our comprehensive Annual HIPAA Security Risk Assessment is contained in a self-paced online format within your compliance portal. Your organization will be asked to provide the details of your assets (computers, servers, testing equipment, portable media, etc.) and to answer an online questionnaire regarding your current security state. When complete, a final report will be generated detailing the potential risks to your organization and recommendations to help lower each risk.

  • One simple SRA that covers ALL required assessments to save you time and money 
  • Video guidance through all questions and on-demand HIPAA help at any time
  • Done-for-you Work Plan and Executive Summary Report simplifies your next steps
  • Robust assessment deemed "rigorous" by the Office for Civil Rights
  • 100% Audit Pass Rate means our SRA will stand up to the test
  • For all recommendations requiring documentation, additional templates and policies are provided to simplify your next steps
  • Two live consultations with our HIPAA experts walk you through your SRA and detailed report (available in our HIPAA Premier Service packages)
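The risk analysis described above rates each threat to ePHI by likelihood and impact and then prioritizes remediation, with the Executive Summary Report splitting findings by Required versus Addressable specification. The Python sketch below is an added illustration of that process and is not HIPAA Secure Now's portal or report logic. The likelihood-by-impact combination table is transcribed from NIST SP 800-30 Rev. 1, Appendix I, Table I-2; the Security Rule citations and their Required/Addressable status are from 45 C.F.R. Part 164; the asset inventory, threats and ratings are constructed for illustration, and sorting Required findings ahead of Addressable ones is this example's own choice of work-plan order.

```python
"""Qualitative risk scoring for an ePHI asset inventory, NIST SP 800-30 Rev. 1 style.

Added example; not HIPAA Secure Now's portal or report logic.
"""
from collections import Counter
from dataclasses import dataclass

# Qualitative scale shared by likelihood, impact and resulting risk (SP 800-30 Rev. 1, Appendix I).
LEVELS = ["Very Low", "Low", "Moderate", "High", "Very High"]

# Row = likelihood of a threat event, column = impact if it occurs, cell = level of risk.
# Transcribed from SP 800-30 Rev. 1, Appendix I, Table I-2 (likelihood x impact combination).
RISK_MATRIX = {
    "Very High": ["Very Low", "Low", "Moderate", "High", "Very High"],
    "High":      ["Very Low", "Low", "Moderate", "High", "Very High"],
    "Moderate":  ["Very Low", "Low", "Moderate", "Moderate", "High"],
    "Low":       ["Very Low", "Low", "Low", "Low", "Moderate"],
    "Very Low":  ["Very Low", "Very Low", "Very Low", "Low", "Low"],
}


def risk_level(likelihood: str, impact: str) -> str:
    """Combine a likelihood and an impact rating into a level of risk.

    Unknown ratings raise rather than silently scoring as low risk: a questionnaire
    answer that was skipped or mistyped must surface as an error, not vanish.
    """
    if likelihood not in RISK_MATRIX:
        raise ValueError(f"unknown likelihood rating: {likelihood!r}")
    if impact not in LEVELS:
        raise ValueError(f"unknown impact rating: {impact!r}")
    return RISK_MATRIX[likelihood][LEVELS.index(impact)]


@dataclass(frozen=True)
class Finding:
    asset: str        # entry from the asset inventory
    threat: str       # threat event or vulnerability surfaced by the questionnaire
    spec: str         # Security Rule implementation specification, 45 C.F.R. Part 164
    spec_type: str    # "R" = Required, "A" = Addressable
    likelihood: str
    impact: str

    @property
    def risk(self) -> str:
        return risk_level(self.likelihood, self.impact)


def prioritize(findings):
    """Order a work plan: Required specifications first, then by descending risk.

    Low and Very Low risks stay on the list; an accepted risk is still a documented
    decision, not an omission.
    """
    return sorted(
        findings,
        key=lambda f: (f.spec_type != "R", -LEVELS.index(f.risk), f.asset),
    )


def summarize(findings):
    """Executive-summary style counts: number of findings per risk level, per R/A bucket."""
    counts = {"R": Counter(), "A": Counter()}
    for f in findings:
        counts[f.spec_type][f.risk] += 1
    return {bucket: dict(c) for bucket, c in counts.items()}


# Constructed sample inventory and questionnaire results (not real findings).
SAMPLE_FINDINGS = [
    Finding("EHR database server", "no risk analysis performed in the last 12 months",
            "164.308(a)(1)(ii)(A)", "R", "High", "High"),
    Finding("Laptop LT-07", "full-disk encryption not enabled; travels off-site with ePHI",
            "164.312(a)(2)(iv)", "A", "Moderate", "Very High"),
    Finding("Shared nurse station PC", "staff share one login, no unique user IDs",
            "164.312(a)(2)(i)", "R", "High", "Moderate"),
    Finding("Backup tapes", "backups never test-restored",
            "164.308(a)(7)(ii)(A)", "R", "Low", "Very High"),
    Finding("Retired workstation", "drive not wiped before disposal",
            "164.310(d)(2)(i)", "R", "Low", "High"),
    Finding("Staff accounts", "no password management procedure",
            "164.308(a)(5)(ii)(D)", "A", "Moderate", "Moderate"),
]


if __name__ == "__main__":
    for f in prioritize(SAMPLE_FINDINGS):
        print(f"[{f.spec_type}] {f.risk:9} {f.spec:22} {f.asset}: {f.threat}")
    print(summarize(SAMPLE_FINDINGS))
```

Run as a script it prints the prioritized work plan and the per-bucket counts. Two design points carry over to a real assessment: an unrated finding is an error, never a default of "Very Low", and the unencrypted laptop lands at the top of the Addressable list even though encryption is "addressable", because the impact of a lost device full of ePHI is rated Very High.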

HIPAA Policies & Procedures

Requirement: The Security Rule's policies and procedures standard requires organizations to “implement reasonable and appropriate policies and procedures to comply with the standards, implementation specifications, or other requirements of this subpart” (45 C.F.R. § 164.316(a)). Under § 164.316(b), these policies and procedures must be documented in writing (which may be electronic), retained for six years from the date of creation or the date they were last in effect, whichever is later, made available to the personnel responsible for implementing them, and reviewed and updated periodically as needed.

Why Policies & Procedures? These policies and procedures are the backbone of how your organization operates and demonstrate the effort you take to protect PHI. They provide a clear definition of how important activities and procedures are conducted across the administrative, physical and technical safeguards within your organization.

Our Policies & Procedures: We provide a suite of 18 HIPAA Security Policies and one full HIPAA Privacy Policy. These documents cover all of the required and addressable HIPAA standards with detailed procedural guidelines. Each policy is crafted to cover each measure in the HIPAA Rules, and each is provided in Word document format so you can customize it to reflect the specifics of your organization.

These policies and procedures are stored safely in your compliance portal. Additionally, you can require employees to read and acknowledge these policies and procedures through an online digital acknowledgment. This acknowledgment can be tracked by management and reset when updates to your policies and procedures have been made.

In addition to a full set of HIPAA Security and Privacy Policies, organizations will have access to our full suite of additional template files to aid in additional compliance efforts. These template files will go deeper into certain topics and generally will require additional modifications.

Some available templates include:

  • Disaster Recovery Plan
  • Sample Business Associate Agreements
  • Termination Procedures & Checklist
  • Remote Work Policies
  • Notice of Privacy Practices (NPP)
  • Bring Your Own Device (BYOD) Policies
  • And more!


See the HIPAA Secure Now difference

Contact us today to learn how we can help you simplify cybersecurity and HIPAA compliance for your organization.


  • HIPAA Secure Now
  • 55 Madison Ave, Suite 400 Morristown, NJ 07960
  • (877) 275 - 4545
  • info@hipaasecurenow.com


© 2023 · HIPAA Secure Now!