Meet ComplAIIntelligence: Your AI-powered teammate for risk & complianceLearn more
All framework guides

Help Center · Framework guide

HIPAA Security Rule

HIPAA · Healthcare · United States · v2013 Omnibus

PHIHealthcareHITECH

Overview

The HIPAA Security Rule sets administrative, physical, and technical safeguards for electronic protected health information (ePHI).

16 controls available in ComplAI for this framework.

Who it's for

  • Covered entities and business associates
  • Healthtech SaaS handling ePHI
  • Vendors supporting US healthcare customers

Why it matters

Non-compliance risks enforcement and customer loss. ComplAI helps track safeguard implementation and evidence for BAAs and audits.

Administrative safeguardsPhysical and technical safeguardsAccess control and audit loggingBreach response readiness

How ComplAI helps

  • Activate HIPAA in the Framework Library to load its control catalog
  • Assign owners, track compliance status, and attach evidence per control
  • Use risk register and issues workflows when controls fail or deviate
  • Export readiness views for leadership and auditors

Sample controls

  • §164.308(a)(1)

    Security management process

    risk management
  • §164.308(a)(3)

    Workforce security

    human resources
  • §164.308(a)(4)

    Information access management

    access control
  • §164.308(a)(5)

    Security awareness training

    human resources
  • §164.308(a)(6)

    Security incident procedures

    incident response
  • §164.308(a)(7)

    Contingency plan

    business continuity

Getting started

  1. Open Framework Library and activate HIPAA
  2. Review the control list and prioritize high-impact domains
  3. Attach policies, procedures, and technical evidence
  4. Mark controls audit-ready and monitor residual gaps