News

- Do I Need a BAA With My Vendor? A Plain-English Guide to Which Vendors Require a Business Associate Agreement · Business Associates
- Your 'Success Story' Program Just Cost This Rehab Facility $182,000: The Cadia Healthcare HIPAA Settlement · OCR Enforcement
- An Accounting Firm Just Paid a HIPAA Fine: BST and Co. CPAs and What It Means for Professional Services Firms · OCR Enforcement
- 15 Million Records, a $10,000 Fine, and a Company That No Longer Exists: The MMG Fusion Story · OCR Enforcement
- OCR Creates Religious Discrimination Units: What the Restructuring Means for HIPAA Enforcement · Rule Update
- OCR Director: The Cost of Doing Nothing Is Very High · Rule Update
- HIPAA Victims May Soon Receive a Share of OCR Fines: What the Proposed Compensation Program Means · Rule Update
- OCR Restructured: Three New Divisions and What It Means for HIPAA Enforcement · Rule Update
- Rehab Center Pays $103,000 After Phishing Attack: OCR's 11th Risk Analysis Enforcement Action · OCR Enforcement
- Concentra Pays $112,500 After Patient Made Six Records Requests Over 13 Months · OCR Enforcement
- HIPAA Security Rule Final Rule: May Deadline Passes With No Announcement · Rule Update

Your HIPAA basics

Software or IT vendor

SaaS companies, IT providers, billing services, and anyone whose software touches patient data

This page is for you. 6 articles in your reading path.

Your reading path


  1. What is HIPAA and why does it apply to my office?

    HIPAA is a federal law protecting patient health information. Here's what it means for your practice in plain English.

  2. Does HIPAA apply to my software company or service?

    A simple decision guide for vendors wondering if they are in HIPAA's world.

  3. Do we need to sign anything? Business Associate Agreements explained simply

    A plain-English look at BAAs, the contracts you need with vendors that touch patient information.

  4. What patient information do we need to protect?

    Understand what counts as protected health information in a real office: not just charts, but conversations, schedules, and more.

  5. HIPAA for software companies (the short version)

    If your product touches patient data for healthcare customers, here is how to think about BAAs, security, and subprocessors.

  6. What should I do if I think something went wrong?

    Wrong fax, strange email, lost phone, or coworker snooping: here's how to respond without making it worse.

Next steps

When you're ready to go deeper, explore insights and free tools.