Meet ComplAIIntelligence: Your AI-powered teammate for risk & complianceLearn more
All framework guides

HIPAA Hub

HIPAA Compliance Hub

Healthcare data protection in the United States

Overview

The Health Insurance Portability and Accountability Act (HIPAA) Security Rule sets national standards for protecting electronic protected health information (ePHI). Covered entities and business associates must implement administrative, physical, and technical safeguards.

Who needs it?

Healthcare providers, health plans, healthcare clearinghouses, and business associates that create, receive, maintain, or transmit ePHI in the United States.

Key topics

  • Administrative safeguards (risk analysis, workforce training)
  • Physical safeguards (facility access, device media controls)
  • Technical safeguards (access control, audit controls, encryption)
  • Business Associate Agreements (BAAs)
  • Breach notification under the HITECH Act

Typical timeline

HIPAA compliance is ongoing. OCR investigations follow complaints or breaches; HITRUST or SOC 2 + HIPAA mappings are common attestation paths for vendors.

How ComplAI helps

  • HIPAA Security Rule mapped controls
  • Policy templates for workforce and access management
  • Vendor risk assessments for business associates
  • Evidence collection for safeguard implementation