HIPAA Compliance Guide

A HIPAA compliance guide is a useful tool that can help healthcare organizations and their business associates make sense of their Health Insurance Portability and Accountability Act (HIPAA) obligations.


It is essential that all requirements of HIPAA are understood and policies and procedures are introduced covering each implementation specification laid down in 45 CFR Parts 160, 162, and 164. If an organization fails to comply with all of the requirements of HIPAA, and non-compliance is discovered by regulators, substantial fines can be issued. The maximum financial penalty is $1.5 million per violation category.

The HIPAA Administrative Simplification Regulations

HIPAA was introduced to improve the efficiency and effectiveness of the healthcare system in the United States. The four main purposes of HIPAA are insurance portability, administration simplification, health information privacy, and the security of electronic healthcare records.

The combined text of the HIPAA Administrative Simplification Regulations runs to 115 pages. HIPAA ensures that individuals are able to retain insurance coverage while they are between jobs. HIPAA requires certain code sets and transaction and identifier standards to be adopted to simplify the administration of healthcare and reduce the clerical burden on healthcare organizations.

The HIPAA Privacy Rule sets national standards which must be adopted by three main types of healthcare organization:  Healthcare providers, health plans, and healthcare clearinghouses that conduct healthcare transactions electronically. The HIPAA Privacy Rule standards help to ensure the privacy of patients and insureds is protected.

The HIPAA Security Rule sets standards which ensure the confidentiality, integrity, and availability of protected health information. The Security Rule requires safeguards to be implemented to keep electronic protected health information secure at all times and protected against unauthorized access.

The HIPAA Breach Notification Rule sets standards for reporting security breaches where healthcare information has been accessed by or disclosed to unauthorized individuals or has otherwise been exposed.

The HIPAA Administrative Simplification Regulations also include the Enforcement Rule, which sets standards for the enforcement of compliance with HIPAA Rules.

HIPAA was updated by the final Omnibus Rule in 2013 which incorporated several provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act to strengthen privacy and security protections for electronic health information.

In addition to applying to healthcare providers, health plans, and healthcare clearinghouses, business associates of those entities also have obligations and must comply with certain elements of HIPAA Rules.

Benefits of a HIPAA Compliance Guide

HIPAA may simplify the administration of healthcare, but compliance is far from simple. The text of HIPAA can be confusing. Several aspects of HIPAA could be interpreted in different ways and changes to technology over the years has also added to the confusion.

The purpose of a HIPAA compliance guide is to take all of the required elements of HIPAA and explain each element in more detail and provide guidance and context to help HIPAA-covered entities and their business associates make sense of the requirements of HIPAA.

We have found this useful HIPAA compliance guide which explains the background of HIPAA, the terms commonly used throughout the text, and covers the implementation specifications in more detail and applies them to current technologies.

Click here for the HIPAA Compliance Guide