Security & data standard
HIPAA
Protected health information rules for healthcare and vendors.
Applies to: Healthcare and vendorsWhat it is
HIPAA governs how protected health information is created, stored, transmitted, and disclosed.
It includes the Privacy Rule, Security Rule, and Breach Notification Rule.
Who must comply
- Covered entities: providers, health plans, clearinghouses
- Business associates: any vendor handling PHI on a covered entity's behalf
Key requirements
- Administrative, physical, and technical safeguards for PHI
- Business Associate Agreements with vendors
- Encryption in transit and at rest where reasonable
- Audit logs and breach notification procedures
Risks of non-compliance
Civil penalties up to millions per violation category, plus mandatory breach disclosure.
This is educational and not legal advice. Talk to your attorney about your specific exposure.
How Scale helps
We design HIPAA aligned web, intake, and AI systems with the right BAAs and safeguards in place.
