The Health Insurance Portability and Accountability Act (HIPAA)

What is HIPAA and What Businesses are are Impacted?

Passed in 1996, the Health Insurance Portability and Accountability Act is federal legislation that provides data privacy and security provisions for safeguarding medical information. The Privacy Rule establishes national standards for the protection of certain health information while the Security Rule establishes a national set of security standards for protecting certain health information that is stored or transferred in electronic form. This legislation impacts hospitals, medical facilities, doctor’s offices, etc.

What Does HIPAA Require of Businesses Like Mine?

The Security Rule requires covered entities (those with access to personal medical information) to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting electronic protected health information (e-PHI). Specifically, covered entities must:

  • Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain, or transmit by implementing security measures that reduce risks and vulnerabilities to a reasonable and appropriate level.
  • Designate a security official responsible for developing and implementing security policies and procedures.
  • Identify and protect against reasonably anticipated threats to the security or integrity of the information and impermissible uses or disclosures.
  • Ensure training and compliance of their workforce regarding security policies and procedures.
  • Perform periodic security assessments and evaluations to determine how well its security policies and procedures meet the federal requirements.
  • Employ hardware, software, and/or procedural mechanisms for recording and examining access and other activity in information systems that contain or use e-PHI.

HIPAA regulations require periodic, third-party audits including physical security, technical controls, and administrative policy and procedures. Penalties for violations of HIPAA may include fines or criminal prosecution. See a complete summary of HIPAA law and requirements.

Dox is Your Partner in Meeting HIPAA Federal Regulation Requirements

The experienced experts at Dox are intimately familiar with the requirements of HIPAA. We have helped countless clients guarantee the protection of their patient’s electronic protected health information (e-PHI) as well as ensure they are HIPAA compliant. Through pen testing, audits, and other security assessments, Dox locates possible weaknesses in your organization’s network, physical location, and policies and procedures. We then offer security solutions to address every security issue we discover. With Dox, you can feel confident your business will meet the guidelines for HIPAA regulation compliance.

The Clock is Ticking on HIPAA Regulation Compliance

Annual regulatory compliance is required for HIPAA so if you need help conducting a security assessment or an audit of your business security to meet the requirements, please fill out the contact form below and we will reach out to you as soon as possible.







  • This field is for validation purposes and should be left unchanged.

Certify that your business is HIPAA compliant with Dox!