HIPAA Compliance

Who Falls under HIPAA Compliance?

Do You Manage or Store Healthcare Data?

Organizations accessing, managing or storing electronic health care data are subject to HIPAA compliance requirements. Similar to other types of compliance, these regulations are meant to protect consumer information and to reassure patients that their sensitive health information is safeguarded and kept private. Each year, thousands of businesses fail to adhere to these requirements. Not only is sensitive data compromised, but millions of dollars are lost to litigation and penalties, and in some cases violations can lead to imprisonment.


Covered Entities and Business Associates

What Are the Different Groups Under HIPAA Compliance?

When understanding HIPAA compliance, it's important to know which entities need to adhere to these regulations to uphold data privacy and prevent possible penalties. Broadly speaking, there are two types of organizations obligated to comply with HIPAA.

Covered Entities

Directly Involved With Healthcare

Covered entities (CEs) encompass a range of organizations directly engaged in providing or managing healthcare services. This includes medical practitioners like physicians, dentists, pharmacists, and nurses, as well as healthcare facilities such as hospitals, clinics, and nursing homes. Health plans, like HMOs, PPOs, Medicare/Medicaid programs, and employer-sponsored health plans, are also classified as covered entities.

Business Associates

Third-Party Service Providers

Business associates (BAs) are external service providers that handle Protected Health Information (PHI) while conducting services for covered entities. This includes billing companies involved in claims processing and patient account management, electronic health record (EHR) vendors responsible for developing or managing EHR systems for healthcare providers, as well as IT service providers.

The key tenets of HIPAA compliance

How to Keep Sensitive Information Secure

HIPAA (Health Insurance Portability and Accountability Act) compliance is crucial for protecting sensitive patient information in the healthcare industry. The key tenets of HIPAA compliance include...

Privacy Rule

This establishes national standards for protecting individuals' medical records and personal health information (PHI).

Security Rule

Outlines administrative, physical, and technical safeguards to protect electronic protected health information (ePHI).

Breach Notification

Requires individuals, the Dept. of Health & Human Services, and occasionally the media to be notified in case of a breach.

Enforcement Rule

Establishes procedures for investigating complaints of HIPAA violations and outlines penalties for non-compliance.


Strengthens HIPAA regulations by expanding privacy and security requirements for electronic health records.

Omnibus Rule

Combines multiple updates to HIPAA regulations, including modifications required by the HITECH Act.

Business Associate Agreements (BAAs)

Outlines responsibilities of business associates regarding HIPAA compliance and PHI protection.

Minimum Necessary Standard

Covered entities must limit the use, disclosure, and request of PHI to the minimum information necessary.

Patient Rights

HIPAA grants patients several rights, including the right to access their medical records, request amendments, and more.

Training & Awareness

Entities are required to train their workforce on HIPAA regulations, policies, and procedures for compliance.

What Can TSI do for my company

Keeping You and Your Data Protected

Organizations subject to HIPAA rely on TSI to verify their compliance posture and provide the required solutions to ensure their ongoing adherence to these obligations. Our holistic services verify our clients’ compliance posture, identify any areas for improvement and, as part of our solution, provide ongoing guidance to help resolve them and ensure long-term compliance.

HIPAA compliance FAQ

Get Your Questions Answered by IT Professionals

What Our Clients Are Saying


“There is just too much information to make clear informed IT decisions that are best for your business. TSI’s cloud specialists helped navigate through the abyss of buzzwords and tech-centric concepts to help our business become more efficient and reduce IT capital expenditures. TSI’s ability to outline and explain the variety of available options helped solidify our decision to move to the cloud. I came out of the experience truly appreciating TSI’s approach.”

Investment Group / Hyannis, MA

Contact TSI to Ensure Your Organization is HIPAA Compliant

Whether you're sourcing a new IT provider, looking for an expert cyber security firm, or you just want to make sure your network is in order and would like an outside party to take a look, we'd be happy to hear from you.

Call us at (508)-543-6979 or click the button below to request a call back from a representative at TSI.