
7 Things You Should Know About HIPAA Compliance

Between 2003 and August of 2022, the US Department of Health and Human Services received more than 300,000 privacy rule complaints. The HHS investigated and implemented corrective action in many of these cases.

These privacy rule complaints are directly linked to HIPAA compliance. Many organizations fall under HIPAA regulations. Because of this, it’s important that you understand them in order to avoid a complaint and possible investigation.

Keep reading to learn seven things you should know about HIPAA compliance.

1. What Is HIPAA Compliance?

The Health Insurance Portability and Accountability Act (HIPAA) is a set of regulations that aims to protect patient data. Its Privacy Rule applies to the entities and people who may come into contact with protected patient information, and it requires them to keep that information safe and secure.

In practice, this means that organizations and people with access to private health information must keep it private. They cannot handle the information carelessly or let anyone have access to it. If they do, they are in violation of these regulations.

Compliance with HIPAA entails understanding and following the standards set forth by the Act. Compliance is mandatory for those people and organizations that may handle sensitive information.

2. What Information Falls Under HIPAA?

Information that falls under HIPAA is known as Protected Health Information (PHI). This data is covered by the Privacy Rule in any form, whether it is written, oral, or electronic, and whether it is being stored, disclosed, or transferred.

PHI includes any information about a person's past, present, or future health. This applies to both mental and physical health. It also applies to health care notes related to the patient.

In addition, information about past, present, and future health-related payments is also covered. Finally, HIPAA compliance also entails protecting information that could identify someone. Most commonly, this is demographic information.

3. Does HIPAA Compliance Apply to You?

You should know whether HIPAA compliance applies to you. This way you can determine if you need to complete HIPAA compliance certification and any other steps you should follow.

Individuals or organizations categorized as the following are subject to HIPAA:

  • Health care providers
  • Health insurance companies
  • Health care clearinghouses

Even students working within these types of organizations must comply with HIPAA.

There are also others, whom you may not immediately associate with HIPAA compliance, that are subject to it. For example, accountants, lawyers, and IT professionals who may come into contact with PHI must still protect that patient data.

4. HIPAA Regulations Can Change

HIPAA itself does not set procedures for how to protect patient data. Instead, it explains what must be protected and by whom. It is up to each entity to determine the best way to implement these standards.

In order to do this, you must stay aware of any changes in the regulations. The last update to the rules was in 2013. Experts suggest there will be new rules introduced in 2022.

If this passes, it is critical that all applicable individuals in your organization understand and can implement the standards. This means any necessary changes need to be made.

5. You Could Be Audited

It’s quite common for organizations to have an audit from a third party. This helps ensure they are compliant. However, in some cases, you may be subject to a mandatory Department of Health and Human Services (HHS) audit. This occurs when there is suspicion that an organization has failed to comply with HIPAA standards.

Working with a third party to ensure adequate HIPAA compliance training and compliance can help find potential problems before they occur. In addition, look back on any past mistakes found by voluntary audits to see what gaps in compliance can be fixed.

6. Non-compliance Has High Costs

The most common causes of non-compliance have been data breaches and the lack of required business agreements with supply chain partners.

If your organization is audited and fails, it could face substantial fines. On average, the fine for non-compliance was $500,000. This is a very serious fine and can be a large amount for many healthcare organizations.

Organizations found in breach of compliance may also face other penalties. These can include negative publicity, a decrease in patient loyalty, and even a decrease in internal productivity.

These penalties are a way for the Office for Civil Rights (OCR) to send a message to the healthcare and related industries on the importance of protecting patient privacy.

7. HIPAA Compliance Training Is Available

The HIPAA Privacy Rule is very large and all-encompassing. This makes it difficult for some organizations to adequately inform all of their employees. Some may simply not have the resources to create and implement a thorough training program.

Luckily, HIPAA compliance training programs can fill this gap. This is an easy way to ensure all employees know exactly what they need to do. In fact, entities are required to make every reasonable effort to adequately train their teams.

Protect Your Patients’ Privacy

Knowing everything surrounding HIPAA compliance can be a bit confusing. After all, you need to know who and what it applies to and figure out how to best implement the standards.

You can make completing your HIPAA compliance checklist easier. Consider working with a HIPAA compliance training program. You’ll rest easier knowing your entire team is thoroughly informed about how they can protect patient privacy.

Get in touch with Compliance Training Online to learn more about our HIPAA compliance training programs.