New to HIPAA? You're in the right place.

Plain English explanations — no legal jargon, no overwhelm. Pick your role below and we'll show you exactly what you need to know.

Already familiar with HIPAA? Browse our intelligence →

Start here

What's your role at your organization?

We'll show you exactly what HIPAA means for you and what you actually need to do.

Your personalized path covers:
  • What is HIPAA
  • What to protect
  • Your daily rules
  • If something goes wrong
  • Your checklist

Select your role above for a personalized path.

Plain English explainers

Short articles, big clarity

  1. What is HIPAA and why does it apply to my office? (Start here)
  2. Access controls — who can click what
  3. Do we need a Privacy Officer?
  4. Do we need to sign anything? Business Associate Agreements explained simply
  5. Does HIPAA apply to my software company or service?
  6. Encryption in plain English
  7. HIPAA and computers — passwords, locks, and shared desks
  8. HIPAA and mental health — extra sensitivity
  9. HIPAA and mobile devices — phones and tablets in patient care
  10. HIPAA and patient care — talking to other providers
  11. HIPAA and voicemail — keep messages short
  12. HIPAA for software companies (the short version)
  13. HIPAA in your daily work (without the stress)
  14. HIPAA policies without the three-ring binder fantasy
  15. Notice of Privacy Practices — what goes in it?
  16. Verbal privacy at the front desk
  17. What are we actually allowed to say about patients?
  18. What HIPAA training does our staff actually need?
  19. What patient information do we need to protect?
  20. What should I do if I think something went wrong?
  21. Your HIPAA basics checklist
View all explainers →

Common misconceptions

HIPAA myths — quick reality checks

Myth

"We're too small to be fined for HIPAA violations"

Reality

OCR has fined solo practices and offices with fewer than 10 staff.

Myth

"Our software is HIPAA compliant so we're covered"

Reality

Your vendor's compliance covers the vendor's own safeguards, not your practice. You remain fully responsible for your own policies, training, and access controls, and you still need a signed Business Associate Agreement with any vendor that handles your patients' information.

Myth

"HIPAA means we can never talk about patients"

Reality

You can discuss treatment with other providers involved in a patient's care.

See all myths →

Real situations, clear answers

What do I do if…

A patient calls asking for their spouse's test results

Not without the patient's permission. HIPAA lets you share information with a family member involved in the patient's care only if the patient has agreed or has had the chance to object, or you can reasonably infer they would not object; otherwise you need the patient's written authorization. Verify the caller's identity before sharing anything.

Get the answer →

I accidentally sent a fax to the wrong number

A fax containing patient information sent to the wrong number is presumed to be a breach unless a documented risk assessment shows a low probability that the information was compromised. Take these steps in the next 24 hours.

Get the answer →

I saw a coworker looking at patient records they shouldn't be

This is an internal HIPAA violation. You have an obligation to report it.

Get the answer →

A patient wants a copy of their medical records

Patients have a legal right to their records. You have 30 days to provide them, with one 30-day extension allowed if you tell the patient in writing why you need it and when they will receive the records.

Get the answer →
See all scenarios →

Compliance checklist

Is your practice covered?

Check off basics as you go — we save progress in your browser on this device.


  • Notice of Privacy Practices posted in waiting area and given to new patients
  • All staff completed HIPAA training within the last year
  • A Privacy Officer has been designated at your practice
  • Signed Business Associate Agreements with all software vendors handling patient data
  • Computers are password protected and lock automatically after a few minutes
  • Staff only access patient records they need for their specific job
See the full checklist →

HIPAA glossary

Every term you'll encounter — in plain English

Browse full glossary →

Ready to get compliant?

Start with our free risk assessment — about 10 minutes — or ask a question in plain English.

Not legal advice. medcomply.ai provides educational compliance basics; consult qualified counsel for legal decisions.