What is HIPAA Compliance?

HIPAA is a United States regulation designed to protect the personal data collected as part of providing health care to individuals. HIPAA provides a set of minimum data security requirements for organizations that handle protected health information (PHI).


What does HIPAA stand for?

The acronym stands for the Health Insurance Portability and Accountability Act (HIPAA).


What is HIPAA Compliance certification?

The HIPAA Certification Program enables all companies that process and manage patient health information to stay on top of the HIPAA Security, Privacy and Breach Notification Rules throughout the year. Beyond conducting the initial risk assessment of technical and non-technical safeguards and developing the corresponding remediation plan, the program will translate federal and state mandates that are relevant to your business.

THE RESULT: A comprehensive, ongoing plan developed just for your organization. Quarterly updates keep you abreast of guidance from the Office of Civil Rights which administers HIPAA, HIPAA changes, the latest technology trends, and industry best practices


  Related Resource:  


HIPAA Compliance vs. HIPAA Compliance Certification

In short, HIPAA compliance is about the rule and regulations, whereas HIPAA compliance certification relates to the process of training to become HIPAA compliant.

To ensure members of your organization are trained in HIPAA compliance, Avertium provides a HIPAA Certification Program that is equipped with a comprehensive, ongoing plan developed just for your organization to keep you aligned and updated with HIPAA regulations, including the latest industry trends and best practices.

Why is HIPAA Compliance important?

To understand why HIPAA compliance is important, one must understand why HIPAA regulations are put in place - to protect sensitive personal health information (PHI). HIPAA compliance ensures business associates and covered entities handling PHI are implementing those safeguards and security measures.

Avoid receiving fines for alleged PHI infringements, carried out by the Office for Civil Rights, by detecting security vulnerabilities through a risk assessment.

It is of utmost importance to know if HIPAA compliance is applied to your organization. If you are unsure whether your organization identifies as business associates or covered entities handling PHI and is therefore protected by HIPAA, reach out to Avertium for a consultation.


Who is subject to HIPAA compliance?

The HIPAA regulation applies to “covered entities” and “business associates” that handle “protected health information”. According to the HIPAA regulations, there are three types of covered entities:

  • Health plans
  • Health care clearinghouses
  • Health care providers

As for business associates, they are an organization that has a vendor or subcontractor relationship with a covered entity and handles protected health information as part of that relationship. If an organization has access to health information in a digital or physical form or access to systems that generate or store this information, they may be considered a business associate under HIPAA.


  Related Regulatory Resources:  


Who oversees federal HIPAA compliance? Who audits companies for HIPAA Compliance?

The HIPAA Privacy and Security Rules are monitored and enforced by the Office for Civil Rights (OCR). HHS’s Office for Civil Rights is responsible for enforcing the Privacy and Security Rules. Enforcement of the Privacy Rule began on April 14, 2003, for most HIPAA-covered entities.

Since 2003, OCR's enforcement activities have obtained significant results that have improved the privacy practices of covered entities. The corrective actions obtained by OCR from covered entities have resulted in systemic change that has improved the privacy protection of health information for all individuals they serve.


  Related Resources:  



Back to the top ^






How can I achieve HIPAA Compliance?

The first step is to complete a HIPAA risk assessment. According to the US Department of Health and Human Services (HHS), the law requires an annual risk analysis to be completed as the initial step in identifying and implementing security measures that comply with and carry out the standards and implementation specified in the Security Rule.

  Related Regulatory Resources:  


What does the HIPAA compliance certification process look like?

We got you. Avertium walks your organization through a four-step certification process. Kicking off is identifying any areas of risk within your organization and comparing it against HIPAA regulations through a comprehensive risk assessment. Following that is a gap analysis that dives into the identified risks and is then used to create an initial roadmap of recommendations for remediation efforts. Next, when the initial roadmap is clearly laid out and is HIPAA compliant, is the process of implementation. And the partnership doesn’t end there. The last step is an ongoing compliance plan with quarterly checkpoints and consulting to help keep your organization aligned and updated with HIPAA regulations. 


  Related Resource:  


How do I ensure HIPAA compliance?

The best practice to ensure your organization is compliant with HIPAA is by implementing encryptions throughout any network with access to electronically protected health information (ePHI) data.

The best method to ensure you’re compliant with the HIPAA encryption standard is by following these steps:

  1. Implement encryption on all devices that store or have access to ePHI.

  2. Implement encryption for the transmission of ePHI when using unsecure methods such as email and removable media (USB flash drives, external hard drives, etc.).

  3. Implement encryption for ePHI data at rest and in transit.

  4. Stay up to date with current Federal and state legislation regarding breach notification requirements including encrypted data.

  5. Maintain proper response and reporting for employees who are sending unencrypted ePHI.

  6. Know and follow your corporate policies and procedures.



Back to the top ^





Identifying whether your organization is subject to HIPAA requirements is only the first step in the process of becoming compliant with the relevant requirements. Understanding the minimum requirements outlined by HIPAA and techniques for applying these requirements to an organization’s unique situation is necessary to ensure that an organization is not in violation of HIPAA regulations.

Avertium is a top HIPAA compliance company with a team of experts to help you determine whether your organization is subject to HIPAA and take the necessary steps to meet or exceed HIPAA’s minimum requirements for properly managing protected health information.

Contact us to learn more about our HIPAA compliance services and certification program.

Back to the top ^




Avertium is a cyber fusion company with a programmatic approach to measurable cyber maturity outcomes. Organizations turn to Avertium for end-to-end cybersecurity solutions that attack the chaos of the cybersecurity landscape with context. By fusing together human expertise and a business-first mindset with the right combination of technology and threat intelligence, Avertium delivers a more comprehensive approach to cybersecurity. 

That's why over 1,200 mid-market and enterprise-level organizations across 15 industries turn to Avertium when they want to be more efficient, more effective, and more resilient when waging today's cyber war. 

Avertium. Show No Weakness.®



Chat With One of Our Experts

HIPAA Certification HIPAA Compliance HIPAA Risk Assessment HIPAA Encryption Standard HIPAA GRC Privacy compliance Blog