What is HIPAA?

HIPAA is short for the Health Insurance Portability and Accountability Act. It’s a federal law in the US, creating national standards for protecting sensitive patient health information. The goal of HIPAA is to ensure that patients’ health information is protected securely, whilst also allowing the flow of information where necessary, to make sure that the patient gets correct, high quality health care. In the UK our equivalent is the Data Protection Act, but any company operating in the US is required to adhere to HIPAA standards, so it’s important to be aware of it.


What is HIPAA information?

HIPAA protects a whole variety of information pertaining to a client’s health and medical history, which can be in any form, be it oral, written or electronic. This is otherwise known as Private Health Information, or PHI. Types of PHI include:

  • An individual’s physical or mental health conditions - this can be past conditions or ongoing.
  • Details of health care that they are receiving or have received
  • Other health information such as test results, prescription information or diagnoses
  • Any sort of information which can identify an individual, such as their name, address, date of birth, fingerprints or other types of identifiers.


What are the three components of HIPAA compliance?

HIPAA is divided into three components which organisations will need to take into account.


Administrative requirements

  • Access walls: This involves making sure only the right people have access to sensitive information, so that information is not needlessly spread around the organisation.
  • Employee training: Every employee needs to know how HIPAA applies to their role and the importance of compliance and confidentiality. Employees are a major line of defence when it comes to security; it’s not just about the technology they use but how they use it.
  • In case of emergency: Preparing for the event of data loss - the organisation needs to make sure there are backups and a contingency plan for emergency situations.


Physical requirements

  • Safe devices: Ensure that employees know how to keep their devices physically safe - e.g. locked, password protected, on their person - and have security measures in place like not allowing business devices to be taken off-site.
  • Secure upgrades: When upgrades or installations happen, make sure old technology is disposed of properly, for example by wiping hard drives.


Technological requirements

  • Employee training: Make sure employees are aware of common cyber attacks like phishing scams and how to avoid them.
  • Antivirus and malware protection: Keeping up to date with the modern threat landscape and having modern cyber security protocols.
  • Encryption: Any sensitive information which is shared via the Cloud or email needs to be encrypted.


Do I need to be HIPAA compliant?

As we mentioned earlier, any company that does business in the US and accesses PHI needs to be HIPAA compliant.

There’s a common misconception that only ‘covered entities’ need to comply - these include healthcare providers or organisations who provide healthcare plans.

There are also what are called ‘business associates’: if your organisation handles PHI to any degree, for example in quality assurance or data analysis, you will also need to be compliant.


What are HIPAA violations?

A HIPAA violation is separate from a HIPAA breach. A data breach becomes a violation when it’s the result of negligence or an ineffective, outdated HIPAA programme.

An example of a data breach is an employee’s work device carrying PHI being stolen; it becomes a HIPAA violation if the organisation hasn’t taken steps to protect such devices, e.g. prohibiting them from being taken off work premises.


Penalties for HIPAA violations

The penalty depends on the severity of the violation and other factors. These include:

  • The nature of the violation
  • If action was then taken to correct the violation
  • How many individuals were impacted
  • If the intent was malicious or if it was for personal gain

Penalties can include fines starting from $100 and going over $1 million for organisations, and even prison sentences depending on the severity.


How can a managed IT provider like Team Metalogic help with HIPAA compliance?

We work with all types of businesses in many sectors, including organisations that need to achieve different levels of security compliance.

When we start working together we will talk with you to understand your business needs and recommend the right action to take and the products you need. We can also run awareness courses for your staff to make sure everyone is on the same page when it comes to compliance, and that no accidental breaches or violations take place.

We become a strategic IT partner and an extension of your business, so as your organisation grows we will adapt the work we do for you to ensure continued compliance.

Hopefully you now have a better understanding of how HIPAA works and whether you need to comply. The most important thing is to be proactive, and working with a managed IT provider like Team Metalogic will ensure that you remain compliant and can get on with doing what you do best.

We're Team Metalogic

We’re Team Metalogic, a managed IT support provider offering managed IT services to SMEs across the UK. We have a proven track record, extensive experience and a full portfolio of industry accreditations and certifications.

Our stress-free solutions don’t complicate things; in fact, they improve efficiency and save money. We want to improve your IT services and security. Want support and security for your business and data?

Get in touch with us today - our team would love to chat with you!
