All frameworks
HIPPrivacy & Security

HIPAA compliance

Safeguards for protected health information.

HIPAA governs how protected health information (PHI) is handled in the US. The Security Rule mandates administrative, physical and technical safeguards; the Privacy Rule governs use and disclosure; the Breach Notification Rule sets response obligations.

See how it works

The standard

HIPAA — US Health Insurance Portability and Accountability Act

Who needs it

Covered entities (providers, health plans) and their business associates — including any software vendor that creates, receives, maintains or transmits PHI.

3

Rules: Security · Privacy · Breach

What it covers

Security Rule

Administrative, physical and technical safeguards for electronic PHI.

Privacy Rule

Rules for the permitted use and disclosure of PHI.

Breach notification

Defined obligations and timelines when PHI is exposed.

Business Associate Agreements

Contracts that flow safeguards down the supply chain.

How Compliance One helps

  • Maps the HIPAA Security Rule safeguards to concrete, evidenced controls.
  • Tracks BAAs, risk analyses and workforce training in one register.
  • Encrypts and isolates evidence per-organisation, with data-region choice.
  • Reuses safeguards already implemented for SOC 2 or ISO 27001.
One control set, many frameworks. Evidence you collect for HIPAA is automatically reused across the other standards you run — do the work once, prove it everywhere.

Ready to tackle HIPAA?

See exactly how Compliance One maps HIPAA to your environment in a 30-minute walkthrough.