How to Become HIPAA Compliant: The Ultimate Guide


Since 2003, the Department of Health and Human Services (HHS) has received over 257,000 HIPAA complaints. To avoid being part of that statistic, you should know how to become HIPAA compliant and stay that way.

Whether you work for a medical office, hospital, or health insurance company, complying with HIPAA is crucial. If you don't, patient information can be exposed, and your organization faces corrective action and civil penalties from the HHS Office for Civil Rights (OCR), which enforces the rules.

Keep reading to learn about becoming HIPAA compliant.


While it may sound overwhelming, the most thorough way to learn how to become HIPAA compliant is to read the rules themselves. The 1996 statute is short on specifics; the obligations you actually work to are the HHS regulations at 45 CFR Parts 160 and 164 (the Privacy, Security, and Breach Notification Rules). Reading them in full takes a long time, but it's not your only starting point.

The HHS has summaries of different rules within HIPAA. You can read the summaries to get an overview of the various HIPAA compliance requirements.

Summaries are available for the Privacy, Security, and Breach Notification Rules. You can use the summaries to help as you become HIPAA compliant, and you can review them regularly when any changes occur.

However, reading the full text of the rules will ensure you don't miss any important details. Then, you can make sure everyone in your office complies with them.

Understand Protected Health Information

As you review HIPAA, you should know and understand what qualifies as protected health information (PHI). In general, a covered entity can't use or disclose PHI to anyone other than the patient without the patient's written authorization.

However, there are exceptions. The Privacy Rule permits use and disclosure without authorization for treatment, payment, and health care operations, which is what lets a hospital share a record when a patient needs emergency care. Knowing these exceptions is also essential for HIPAA compliance.

Examples of PHI include health information tied to identifiers such as:

  • Patient names
  • Birth dates and other dates directly related to the individual
  • Email addresses
  • Telephone numbers
  • Account numbers
  • Health plan beneficiary numbers
  • Full face photos

Providers need to protect any piece of information that could identify a patient. Disclosures to a public health authority are permitted by the Rule, but if you release patient data for any purpose that doesn't carry its own permission, de-identify it first. Under the Privacy Rule's Safe Harbor method that means removing all 18 listed identifiers (the items above are among them), and the rule also allows a documented expert determination that re-identification risk is very small.

Know Who Is a Covered Entity

Covered entities are the organizations HIPAA directly regulates: health plans, health care clearinghouses, and health care providers (medical practices, hospitals, pharmacies, and the doctors and nurses who work in them) that transmit health information electronically for standard transactions such as claims.

Business associates must also comply. A business associate is a vendor that creates, receives, maintains, or transmits PHI on a covered entity's behalf, such as a medical transcription service, a billing company, a consultant, or a cloud hosting provider. Since the 2013 Omnibus Rule they are directly liable under the Security Rule and for their permitted uses and disclosures, and a written business associate agreement (BAA) is required before PHI is shared with them.

A vendor that never handles PHI is not a business associate. A marketing agency that only receives aggregate statistics, for example, needs no BAA. Be careful with that judgement, though: your own marketing staff are workforce members of the covered entity, and anyone who could reach patient information is in scope.

Work out whether your organization is a covered entity, a business associate, or both, and inventory every vendor that touches PHI. That way, the obligations are assigned and your entire company can follow the rules.

Review Protections and Policies

You should also review your policies and the safeguards you have in place to protect patient PHI. Make sure everyone knows and understands your policies surrounding accessing and using PHI.

Review your policies and protections regularly to make sure you stay in HIPAA compliance. You should also take that time to learn the most up-to-date information on HIPAA security compliance as well as privacy compliance.

If you change your policies, inform your staff of the changes so that they can stay in compliance. You should also make your policies available to any new employees when they start.

If you find your staff has a hard time staying in compliance, you can have them take a HIPAA training course. That way, they can better understand the law and how it relates to your policies. Note that HHS does not recognize or endorse any HIPAA certification, so treat a certificate as evidence of training, not of compliance.

Implement Safeguards

After you review your policies and procedures, consider whether the safeguards behind them still match your risk analysis. You may not always need to add more, but the Security Rule requires safeguards in each of three categories for electronic PHI, and implementing them well is what keeps PHI confidential.

Your office must use physical, technical, and administrative safeguards. Physical safeguards protect the facilities, workstations, and devices or media that hold PHI: locked records rooms, screens positioned away from the waiting area, and procedures for wiping or destroying drives before disposal or reuse.

Technical safeguards are the controls in the systems themselves: unique user IDs and authentication (not just shared passwords), access controls that limit each user to the minimum necessary data, audit logs of who accessed what and when, integrity checks on stored records, and encryption of PHI in transit. Administrative safeguards are the management side: a documented risk analysis and risk management plan, a named security officer, workforce training and sanctions, and business associate agreements that restrict what third parties may do with PHI.

Some implementation specifications are labelled "addressable" rather than "required", but addressable doesn't mean optional: you either implement the specification or document why it isn't reasonable for your environment and what you do instead. The more safeguards you layer, the better you can protect patient information and ensure only the people who need access have it.
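The two technical safeguards that are easiest to get wrong in software are access control (minimum necessary) and audit controls. The following Python sketch is an added illustration, not code from the original article or from any product: it models a PHI store whose per-role field lists, user names, patient assignments, and records are all constructed assumptions. Every read, granted or denied, lands in an audit trail, and a clinician can only read patients they are assigned to.

```python
"""Toy model of two HIPAA Security Rule technical safeguards: role-based
access control enforcing "minimum necessary", and an audit log of every
access attempt. Roles, users, assignments and records are assumptions."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Constructed, fictional records keyed by medical record number (MRN).
SAMPLE_RECORDS = {
    "MRN-1001": {
        "name": "Jane Example",
        "dob": "1984-02-17",
        "phone": "555-0100",
        "account_number": "ACCT-77",
        "diagnosis": "Type 2 diabetes",
    },
}

# Minimum necessary: each role sees only the fields its job requires.
# Billing never sees the phone number; the front desk never sees the diagnosis.
ROLE_FIELDS = {
    "clinician": {"name", "dob", "diagnosis"},
    "billing": {"name", "account_number", "diagnosis"},
    "front_desk": {"name", "dob", "phone"},
}

# Assumed treatment relationships: clinician user -> set of assigned MRNs.
ASSIGNMENTS = {"dr_lee": {"MRN-1001"}}


@dataclass
class AuditEntry:
    when: str      # ISO-8601 UTC timestamp
    user: str
    role: str
    mrn: str
    purpose: str   # treatment / payment / operations / other, as claimed
    outcome: str   # "granted" or "denied"
    reason: str


@dataclass
class AccessDecision:
    granted: bool
    reason: str
    view: Optional[dict] = None   # the filtered record, only when granted


class PhiStore:
    def __init__(self, records, assignments):
        self._records = records
        self._assignments = assignments
        self.audit = []   # list of AuditEntry, append-only

    def _log(self, user, role, mrn, purpose, outcome, reason):
        self.audit.append(AuditEntry(
            datetime.now(timezone.utc).isoformat(), user, role, mrn,
            purpose, outcome, reason))

    def read(self, user, role, mrn, purpose):
        """Return the minimum-necessary view of a record, logging the attempt."""
        allowed = ROLE_FIELDS.get(role)
        if allowed is None:
            self._log(user, role, mrn, purpose, "denied", "unknown role")
            return AccessDecision(False, "unknown role")
        if role == "clinician" and mrn not in self._assignments.get(user, set()):
            self._log(user, role, mrn, purpose, "denied", "no treatment relationship")
            return AccessDecision(False, "no treatment relationship")
        record = self._records.get(mrn)
        if record is None:
            self._log(user, role, mrn, purpose, "denied", "no such record")
            return AccessDecision(False, "no such record")
        view = {k: v for k, v in record.items() if k in allowed}
        self._log(user, role, mrn, purpose, "granted",
                  "fields=" + ",".join(sorted(view)))
        return AccessDecision(True, "ok", view)

    def denied_events(self):
        """Denied attempts are what a reviewer looks at first."""
        return [e for e in self.audit if e.outcome == "denied"]


if __name__ == "__main__":
    store = PhiStore(SAMPLE_RECORDS, ASSIGNMENTS)
    print(store.read("dr_lee", "clinician", "MRN-1001", "treatment"))
    print(store.read("pat_billing", "billing", "MRN-1001", "payment"))
    print(store.read("mkt_user", "marketing", "MRN-1001", "campaign"))
    print(store.read("dr_kim", "clinician", "MRN-1001", "treatment"))
    for entry in store.audit:
        print(entry)
```

The design point is that the store never hands back the raw record: the role's field set is applied on every read, and the audit entry records which fields were released, which is what lets you answer a patient's accounting-of-disclosures request or investigate a suspected snooping incident later. In a real system the audit log would be written to append-only storage the application user cannot modify.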

Provide a Notice of Privacy Practices

Another important part of HIPAA compliance is the Notice of Privacy Practices (NPP). The notice is how you tell patients, or their parents or other personal representatives, how you may use and disclose their health information, what rights they have over it, and what your duties are.

Your notice should describe the uses and disclosures you make without authorization, such as sending claims to the patient's health insurance company, and explain how to file a complaint with you and with HHS. If a patient has any questions, do your best to answer them.

Give a written copy to your patients, or to a parent or other personal representative when the patient is a minor, at the first service, and make a good-faith effort to get a signed acknowledgment of receipt. The acknowledgment records that they received the notice, not that they agree to your policies, and you must keep a record of it or of why you couldn't obtain one.

When you make a material change to your practices, revise the notice, post the new version in your facility and on your website, and give a copy to anyone who asks. That way, everyone can have the most up-to-date information possible.

Provide Ongoing Training

HIPAA training is not optional. The Privacy Rule requires you to train every workforce member on the policies that apply to their job, and the Security Rule requires a security awareness and training program. Providing ongoing training beyond that minimum helps new and current employees stay on top of the regulations and requirements.

Train at least once a year and whenever you change your company policies regarding HIPAA. Whenever you hire someone new, train them within a reasonable time after they join and before they handle PHI, and document that the training happened.

If you can’t train your employees in-house, you can enroll your team in a HIPAA course. A good course can cover the basics of HIPAA compliance, and some courses can go more in-depth for certain roles within healthcare.

Training can also give employees a chance to ask questions about any policy changes. You can answer their questions and explain the reason for the change, and you can review any other issues with your staff.

Reviewing How to Become HIPAA Compliant

HIPAA compliance is essential for anyone working with patients. Doctors, nurses, and other healthcare professionals need to know how to become HIPAA compliant.

Steps include reviewing what qualifies as protected information, using safeguards, and reviewing policies regularly. That way, you can ensure you stay in compliance with HIPAA.
