According to a recent American Medical Association survey, more than 92% of patients believe privacy is a right and their health data should not be available for purchase. Yet nearly 75% of patients also express concern about the privacy of their personal data.

In response to growing concerns about data privacy, governments around the world have passed legislation to address varied risks to the security and confidentiality of patient data.  

In 1996, the United States passed the Health Insurance Portability and Accountability Act (HIPAA) in part to establish a set of requirements for healthcare organizations to protect sensitive patient data. The purpose of this landmark legislation is to keep data safe while giving patients more power over who can access their personal data and for what purpose. 

In this overview for beginners, we’ve broken down HIPAA rules and regulations into clear-cut fundamentals so you can quickly and easily understand whether you need to be compliant. 

You’ll learn the essentials of HIPAA legislation, including the types of organizations affected by the law and how it applies to your business and patients.

What is HIPAA Compliance and Why is it Important?

Learn the details of HIPAA legislation, why it’s important, and what the law means for organizations handling PHI today. 

Who Needs to be HIPAA Compliant? Covered Entities vs Business Associates Explained

Learn which organizations must comply with HIPAA regulations and the difference between covered entities and business associates. 

What is PHI Under HIPAA? Requirements for Compliance

Understand what’s considered PHI, get real examples, and learn what covered entities must do to protect this type of data.

HITRUST vs HIPAA: The Similarities and Differences Healthcare Organizations Need to Know

Learn what HITRUST CSF is and how it's related to HIPAA to decide the best path for your compliance journey. 

SOC 2 + HIPAA Compliance: The Perfect Duo for Data Security

Learn how the two standards complement each other in providing robust cybersecurity and privacy protections.