How to comply with the HIPAA security rule

Insureon Staff.
By Insureon Staff
Updated: August 9, 2022
The HIPAA security rule consists of three components that healthcare organizations must comply with. Find out how to ensure that your organization checks out.
Medical team having a meeting

The HIPAA security rule requires healthcare professionals and healthcare facilities to secure patient information that is stored or transferred digitally from data breaches, erasure, and other problems. 

The law’s requirements may seem overwhelming, but it’s crucial that you and all of your employees remain in compliance.

The three components of HIPAA security rule compliance

Keeping patient data safe requires healthcare organizations to exercise best practices in three areas: administrative, physical security, and technical security.

Administrative requirements


These rules ensure that patient data is correct and accessible to authorized parties.
Formalize your privacy procedures in a written document.

  • Designate an executive to oversee data security and HIPAA compliance.
  • Identify which employees have access to patient data.
  • Train employees on your organization’s privacy policy and how it applies to their job.
  • Require all outside parties who need to access protected patient data to sign contracts stating that they will comply with HIPAA security rules.
  • Back up data and have an emergency plan for disasters that could cause information loss.
  • Perform an annual data security assessment.
  • Create a data breach response plan that addresses notifying affected patients and fixing compromised IT systems.
Compare healthcare business insurance quotes online
Learn more

Physical security requirements

These HIPAA rules help your organization prevent physical theft and loss of devices that contain patient information.

  • Limit access to computers by keeping them behind counters, secured to desks, and away from the general public.
  • Restrict access to secure areas, monitor building safety, and require visitors to sign in.
  • Exercise caution and follow best practices when upgrading or disposing of hardware and software, including securely wiping hard drives.
  • Train employees and contractors on physical safety best practices, including the importance of securing their cell phones and mobile devices.

Technical security requirements

These measures protect your networks and devices from data breaches.

  • Encrypt sensitive files that your organization sends via email and ensure that any cloud-based platform you use offers encryption.
  • Protect your network from hackers and other cyberthieves with firewalls and intrusion detection and prevention systems.
  • Train your employees to identify and avoid phishing scams.
  • Back up data in case of accidental deletion or changes.
  • Authenticate data transfers to third parties by requiring a password, a two- or three-way handshake, a token, or a callback.
  • Require that employees periodically change their passwords, and ensure passwords contain a mix of letters, numbers, and special characters.
  • Prevent data entry mistakes by using double-keying, checksum, and other redundancy techniques.
  • Keep updated documentation of your organization’s technology and network configurations.

Your organization may need to hire specialized consultants and contractors to help meet HIPAA security rule standards. Maintaining compliance requires monitoring changes in the law and upgrading outdated technologies.

Top businesses we insure

Acupuncturist treating a patient.
Acupuncturists
Doctor reviewing medical chart in an ambulatory surgery center.
Ambulatory surgery centers
Animal assisted therapist introducing a dog to a group of children.
Animal-assisted therapists
First-aid instructor teaching a class.
CPR and first aid instructors
Dental lab technicians reviewing patient x-rays.
Dental labs
Doctor reviewing a medical chart.
Doctors
Therapist guiding a child to express their feelings through art.
Expressive and creative arts therapists
Faith-based counselor speaking with a group of people in a room.
Pastoral counselors
Home healthcare provider working with a patient.
Home healthcare providers
Marriage therapist counseling a couple in an office.
Marriage and family therapists
Patient handing paperwork to staff in a medical office.
Medical offices
Mental health counselor supporting a patient in an office.
Mental health counselors
Nurse reviewing a medical chart with a colleague.
Nurses
Caregiver providing food for a patient.
Caregivers
Physical therapist helping treat a patient.
Physical therapists
Wellness counselor conducting a virtual session with a patient on a laptop.
Wellness counselors

Don't see your profession? Don't worry. We insure most businesses.

Protect patient data with cyber liability insurance

Complying with the HIPAA security rule requires time, money, and the participation of all workers, but your organization’s plan should also include cyber liability insurance.

A cyber liability policy protects you in the event of a data breach and will pay for the costs of notifying affected patients and providing them with credit and fraud monitoring services. Cyber liability insurance also covers legal and court costs if patients sue your organization for exposing their personal information.

Compare healthcare insurance quotes online with Insureon

Protect yourself by completing Insureon’s easy online application today to compare healthcare business insurance quotes from top-rated U.S. carriers. Once you find the right policies for your business needs, you can begin coverage in less than 24 hours.

Related Topics:
Cyber liability insuranceHealthcare facilitiesHealthcare professionalsTherapy & counselingLegalData securityHuman & social services
Get business insurance quotes from trusted carriers
What kind of work do you do?
Or call us at (800) 688-1984