
    What is HIPAA compliance

    The acronym HIPAA stands for “Health Insurance Portability and Accountability Act”, which became law in 1996 in the U.S. HIPAA compliance refers to the three main rules around how companies use individuals’ health information and personally identifiable information (PII).

    Any company that receives, stores, or deals with individuals’ personal information related to healthcare, diagnosis, lab results, prescriptions, and so on, must maintain a state of compliance with HIPAA rules. This applies to doctor’s offices and healthcare providers but may extend to medical device companies, fitness apps, or social platforms where users share their health information.

    What are the Three Rules of HIPAA Compliance?

    HIPAA compliance can be summarized by adherence to the three rules: the Privacy Rule, the Security Rule, and the Breach Notification Rule. 

    1. The Privacy Rule — Privacy policies, including forms that identify where and how doctors can leave messages for individuals, are just the start of the data protection that’s required under the Privacy Rule. PII must be stripped from aggregated data, and individual results should only be available to people on a need-to-know basis. The storage and encryption of this data is also part of the Privacy Rule.
    2. The Security Rule — From the physical security of facilities to the processes and automation that support information security, the Security Rule covers all areas of data security. Information access management (IAM) that restricts data access by user role is an important part of this. HIPAA compliance also requires employee security training and an incident response plan.
    3. The Breach Notification Rule — This rule is pretty self-explanatory. Any data breach of personal health information — impacting over 500 people — must be reported to the affected individuals no later than 60 days after the breach.
