Software or IT vendor

Your reading path

Step 1 of 6 — check off articles as you finish (saved in this browser).

1. 1

   What is HIPAA and why does it apply to my office?

   HIPAA is a federal law protecting patient health information. Here's what it means for your practice in plain English.

   DoneRead →
2. 2

   Does HIPAA apply to my software company or service?

   A simple decision guide for vendors wondering if they are in HIPAA's world.

   DoneRead →
3. 3

   Do we need to sign anything? Business Associate Agreements explained simply

   A plain-English look at BAAs — the contracts you need with vendors that touch patient information.

   DoneRead →
4. 4

   What patient information do we need to protect?

   Understand what counts as protected health information in a real office — not just charts, but conversations, schedules, and more.

   DoneRead →
5. 5

   HIPAA for software companies (the short version)

   If your product touches patient data for healthcare customers, here is how to think about BAAs, security, and subprocessors.

   DoneRead →
6. 6

   What should I do if I think something went wrong?

   Wrong fax, strange email, lost phone, or coworker snooping — here's how to respond without making it worse.

   DoneRead →

Your checklist

Items most relevant to your role. Progress syncs with the full checklist.

• All staff completed HIPAA training within the last year

  What training is required? →

• Signed Business Associate Agreements with all software vendors handling patient data

  What is a BAA? →

• Patient data is encrypted when stored and when sent over the internet

  Encryption basics →

• Each person has their own unique login — no shared passwords

  Access control basics →

• A process exists for responding to security incidents and potential breaches

  What to do if something goes wrong →

• Any subcontractors who handle patient data also have signed BAAs

  Subcontractor obligations →

Your scenarios