HIPAA Compliance

Learn about HIPAA compliance solutions for covered entities and business associates.


What are your HIPAA compliance requirements?

Nothing is more frustrating than companies that promise solutions, but fail to deliver. SecurityMetrics helps you identify which HIPAA requirements apply to your organization and guides you through HIPAA compliance. SecurityMetrics' unmatched support helps you every step of the way on your path towards HIPAA compliance. When you partner with SecurityMetrics, you will love our detailed work and world-class support.


Services

HIPAA Assessment

For fewer than 25 employees


HIPAA Onsite Audit

For more than 25 employees


Health Network Program

Organize your health network's HIPAA compliance


BA Compliance Monitoring

Manage and track business associates


HIPAA Policies

Customizable HIPAA and security policy templates


HIPAA Training

Train employees how to handle patient data


Why choose SecurityMetrics?

Get fully-supported HIPAA compliance

Learn to get HIPAA compliant without the confusion–even if you're new to HIPAA.

SecurityMetrics has many HIPAA solutions, to fit your exact needs.

Award-winning HIPAA support
HIPAA compliance absorbs time, personnel, and other valuable resources from your organization. SecurityMetrics provides easy-to-implement, comprehensive security services in a timely, accurate, and headache-free solution to HIPAA security.
Guided HIPAA compliance
Stop wondering if your compliance efforts are going to waste. SecurityMetrics guides you down a path to compliance and provides peace of mind in knowing you have taken the appropriate steps to protect your patients and organization from data compromise.
Lasting data security
Our solutions not only simplify your compliance efforts today, but also provide the resources and education needed to create lasting data security protection for tomorrow.
Automating HIPAA compliance
SecurityMetrics combines innovative data security tools with award-winning customer support to help guide your organization to compliance and maximize the security benefits of your HIPAA efforts.
A partner you can trust
Over the past decade we have helped more than one million organizations secure data and comply with various mandates. When you partner with SecurityMetrics, you have confidence that a solution to your compliance problems is never more than a phone call away.

Get started on your path towards HIPAA compliance

Request A Quote

HIPAA Compliance FAQs

What Does HIPAA Stand For?

HIPAA stands for Health Insurance Portability and Accountability Act. It was enacted in 1996 and, among other things, protects patient health information.

Who must be HIPAA compliant?

The HIPAA Rules apply to two groups: covered entities and business associates. A covered entity is a health plan, health care clearinghouse, or health care provider that electronically transmits any health information. Examples of covered entities are:

  • Doctors
  • Dentists
  • Pharmacies
  • Health insurance companies
  • Company health plans

A business associate is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity. Examples of business associates (whose services involve access to PHI) are:

  • CPA
  • Attorney
  • IT providers
  • Billing and coding services
  • Laboratories

For more detailed information on the definitions of a covered entity and a business associate, visit the Department of Health and Human Services (HHS) website.

What is the HIPAA Privacy Rule?

The HIPAA Privacy Rule provides federal protections for personal health information and gives patients rights to their own protected health information (PHI). The Privacy Rule permits the disclosure of PHI needed for patient care and other important purposes. The Privacy Rule applies to all healthcare providers, including those who do not use an Electronic Health Record (EHR) system, and includes all mediums: electronic, paper, and oral.

Privacy Rule Basics:

  • Spells out administrative responsibilities
  • Discusses written agreements between covered entities and business associates
  • Discusses the need for privacy policies and procedures
  • Describes employer responsibilities to train workforce members and implement requirements regarding their use and disclosure of PHI

Privacy Rule Examples:

  • Train all employees on its privacy policies and procedures
  • Properly dispose of documents containing protected health information
  • Secure medical records with lock and key or pass code
  • Create a procedure so individuals know to whom they can submit a complaint about a covered entity's compliance with the Privacy Rule

What is the HIPAA Security Rule?

The HIPAA Security Rule requires covered entities, business associates, and their subcontractors to become HIPAA compliant by implementing safeguards to protect electronic protected health information (ePHI) that is created, received, or maintained. It specifies a series of administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of ePHI. Most violations of the HIPAA Security Rule result from businesses not following policies and procedures to safeguard ePHI, thus preventing them from becoming HIPAA compliant.

Security Rule Basics:

  • Establishes a national set of security standards for ePHI
  • Protects health information held or transmitted in electronic form
  • Requires administrative, physical, and technical safeguards to secure ePHI
  • Supports the Privacy Rule requirement to reasonably safeguard PHI in all forms

Security Rule Examples:

  • Designate a security officer who is responsible for compliance
  • Create policies and procedures that explain proper use of workstations and electronic media
  • Ensure all employees have unique passwords
  • Limit physical access to covered entity's facilities

See how we've helped our clients succeed

When you succeed, we succeed. That's why we pay such close attention to detail and provide award-winning support. Let's work together!

TESTIMONIALS

The relevance of ensuring proper ecommerce website security and protecting card holder data continues to be paramount for our organization, and we could not manage this process better without the reporting tools and excellent technical expertise provided by SecurityMetrics.

Jason Drake
Premiere Sports Travel

SecurityMetrics is an integral part of the team in our PCI program. We depend on the assessors to make sure that we stay on the compliance track. They do it with developing relationships across campus, discussing upcoming projects or application changes, and being available to us for consulting. They are knowledgeable, helpful and help us keep the campus engaged by their friendly demeanors.

Robbyn Lennon
University of Arizona

We have been customers of SecurityMetrics for about eight years. We are so impressed with the patient and professional way that their staff treats customers. They do not hurry, seem tired, act annoyed or too busy to work with their customers. Every person I spoke to was great!

Naomi Christman
The ProImmune Co, LLC

SecurityMetrics is the most retail friendly solution. At the small business level, frequently the person that has to interface with the tool is an owner or someone who has financial responsibility, but they may not necessarily be technically savvy with using online tools. We believe SecurityMetrics meets that need better than anyone else we've seen.

Steve Methvin
Bozzutos

SecurityMetrics' Pen Testing has definitely helped us improve our network security in ways I could have never imagined. You just don't know what you don't know. I am absolutely confident in their team's abilities and my experience has led me to trust them implicitly as a security partner. Their depth of understanding is impressive, and their professionalism is unmatched.

Morgan Leppink
Internet Ticketing Systems

We’ve been using SecurityMetrics for our onsite PCI audits for more than 10 years now. We have continued to come back and return to SecurityMetrics due to the value that has been supplied by them. SecurityMetrics has been around long enough now and they’ve been one of the top providers when it comes to PCI compliance, that I know they’re in it for the long haul.

Dawn Martinez
SVP, NewTek Merchant Solutions

Request a Quote for HIPAA Compliance

SecurityMetrics has many HIPAA solutions, to fit your exact needs. Speak with our sales team today to get the products you need to continue your compliance journey.
