medcomply.ai
Intel
The HIPAA Security Rule — A Complete Guide for 2026 · Security RuleUnderstanding the HIPAA Breach Notification Rule · Data BreachHIPAA breach notification overview · Data BreachHow to respond to a HIPAA breach · Data BreachHIPAA compliance checklist for covered entities · AnalysisOCR audit preparation checklist and evidence map · OCR EnforcementPatient rights under HIPAA: practical guide · Rule UpdateHIPAA staff training requirements and cadence · AnalysisHIPAA for SaaS and technology vendors · SaaS & TechnologyHIPAA Security Rule overview for compliance teams · Security RuleWhat is a Business Associate Agreement (BAA)? · BAAWhat counts as PHI under HIPAA? · Privacy RuleThe HIPAA Security Rule — A Complete Guide for 2026 · Security RuleUnderstanding the HIPAA Breach Notification Rule · Data BreachHIPAA breach notification overview · Data BreachHow to respond to a HIPAA breach · Data BreachHIPAA compliance checklist for covered entities · AnalysisOCR audit preparation checklist and evidence map · OCR EnforcementPatient rights under HIPAA: practical guide · Rule UpdateHIPAA staff training requirements and cadence · AnalysisHIPAA for SaaS and technology vendors · SaaS & TechnologyHIPAA Security Rule overview for compliance teams · Security RuleWhat is a Business Associate Agreement (BAA)? · BAAWhat counts as PHI under HIPAA? · Privacy Rule

Your HIPAA basics

Practice manager

Office managers, practice administrators, and those responsible for running the practice

This page is for you. 7 articles in your reading path.

Your reading path

Step 1 of 7 — check off articles as you finish (saved in this browser).

  1. 1

    What is HIPAA and why does it apply to my office?

    HIPAA is a federal law protecting patient health information. Here's what it means for your practice in plain English.

    Read →
  2. 2

    What patient information do we need to protect?

    Understand what counts as protected health information in a real office — not just charts, but conversations, schedules, and more.

    Read →
  3. 3

    Your HIPAA basics checklist

    How to use medcomply.ai's plain-English checklist to see gaps before they become investigations.

    Read →
  4. 4

    Do we need a Privacy Officer?

    Yes — someone must own HIPAA privacy for your organization. At a small practice, that can be a part-time role.

    Read →
  5. 5

    Do we need to sign anything? Business Associate Agreements explained simply

    A plain-English look at BAAs — the contracts you need with vendors that touch patient information.

    Read →
  6. 6

    What HIPAA training does our staff actually need?

    Everyone who touches patient information needs training — but the law leaves room for how you deliver it.

    Read →
  7. 7

    What should I do if I think something went wrong?

    Wrong fax, strange email, lost phone, or coworker snooping — here's how to respond without making it worse.

    Read →

Your checklist

Items most relevant to your role. Progress syncs with the full checklist.

See full checklist →

Your scenarios

I think a staff member at our practice violated HIPAA

Get the answer →

We think we may have had a data breach

Get the answer →

A vendor is asking us to send them patient information

Get the answer →

A patient says they are filing a HIPAA complaint

Get the answer →

See all scenarios →

Next steps

When you're ready to go deeper, explore intelligence articles and free tools.