All framework guides
Help Center · Framework guide
HIPAA Security Rule
HIPAA · Healthcare · United States · v2013 Omnibus
PHIHealthcareHITECH
Overview
The HIPAA Security Rule sets administrative, physical, and technical safeguards for electronic protected health information (ePHI).
16 controls available in ComplAI for this framework.
Who it's for
- Covered entities and business associates
- Healthtech SaaS handling ePHI
- Vendors supporting US healthcare customers
Why it matters
Non-compliance risks enforcement and customer loss. ComplAI helps track safeguard implementation and evidence for BAAs and audits.
Administrative safeguardsPhysical and technical safeguardsAccess control and audit loggingBreach response readiness
How ComplAI helps
- Activate HIPAA in the Framework Library to load its control catalog
- Assign owners, track compliance status, and attach evidence per control
- Use risk register and issues workflows when controls fail or deviate
- Export readiness views for leadership and auditors
Sample controls
- risk management
§164.308(a)(1)
Security management process
- human resources
§164.308(a)(3)
Workforce security
- access control
§164.308(a)(4)
Information access management
- human resources
§164.308(a)(5)
Security awareness training
- incident response
§164.308(a)(6)
Security incident procedures
- business continuity
§164.308(a)(7)
Contingency plan
Getting started
- Open Framework Library and activate HIPAA
- Review the control list and prioritize high-impact domains
- Attach policies, procedures, and technical evidence
- Mark controls audit-ready and monitor residual gaps
