Skip to content
Security & data standard

HIPAA

Protected health information rules for healthcare and vendors.

Applies to: Healthcare and vendors

What it is

HIPAA governs how protected health information is created, stored, transmitted, and disclosed.

It includes the Privacy Rule, Security Rule, and Breach Notification Rule.

Who must comply

  • Covered entities: providers, health plans, clearinghouses
  • Business associates: any vendor handling PHI on a covered entity's behalf

Key requirements

  • Administrative, physical, and technical safeguards for PHI
  • Business Associate Agreements with vendors
  • Encryption in transit and at rest where reasonable
  • Audit logs and breach notification procedures
Risks of non-compliance

Civil penalties up to millions per violation category, plus mandatory breach disclosure.

This is educational and not legal advice. Talk to your attorney about your specific exposure.

How Scale helps

We design HIPAA aligned web, intake, and AI systems with the right BAAs and safeguards in place.

Scale Modern Business Solutions