Compliance Standards Library

HIPAA

What is HIPAA?

HIPAA (Health Insurance Portability and Accountability Act) is a U.S. law that includes the Privacy Rule, Security Rule, and Breach Notification Rule. It applies to covered entities and business associates handling protected health information (PHI).

Who is HIPAA for?

  • Healthcare providers, health plans, and clearinghouses (covered entities)
  • Vendors/service providers that create, receive, maintain, or transmit PHI (business associates)

Typical timeline

HIPAA readiness is usually approached as an ongoing program rather than a one-time project: documenting safeguards, implementing administrative, technical, and physical controls, training staff, and maintaining evidence over time.

What SecureSlate can help automate

  • Policy and procedure management (versioning, assignment, approvals)
  • Evidence collection (training, access reviews, vendor reviews, system evidence)
  • Ongoing monitoring signals, where integrations are available (e.g., cloud provider and security tool integrations)

Does HIPAA require a formal audit?

Not always. HIPAA compliance is required by law, but there is no universal “HIPAA certification.” Regulators can investigate and audit based on incidents, complaints, or targeted enforcement, so maintaining defensible evidence is key.

Last updated: April 13, 2026