{"id":7930016,"date":"2022-05-31T17:37:25","date_gmt":"2022-05-31T15:37:25","guid":{"rendered":"https:\/\/www.wildix.com\/?page_id=7930016"},"modified":"2026-03-02T13:45:02","modified_gmt":"2026-03-02T12:45:02","slug":"hipaa-compliance","status":"publish","type":"page","link":"https:\/\/www.wildix.com\/us\/hipaa-compliance\/","title":{"rendered":"HIPAA Compliance"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"7930016\" class=\"elementor elementor-7930016\" data-elementor-post-type=\"page\">\n\t\t\t\t<div class=\"elementor-element elementor-element-f98aef7 e-flex e-con-boxed e-con e-parent\" data-id=\"f98aef7\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;8c11341&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:null,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}],&quot;background_background&quot;:&quot;gradient&quot;,&quot;shape_divider_bottom&quot;:&quot;waves&quot;}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-shape elementor-shape-bottom\" aria-hidden=\"true\" data-negative=\"false\">\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 1000 100\" preserveAspectRatio=\"none\">\n\t<path class=\"elementor-shape-fill\" d=\"M421.9,6.5c22.6-2.5,51.5,0.4,75.5,5.3c23.6,4.9,70.9,23.5,100.5,35.7c75.8,32.2,133.7,44.5,192.6,49.7\n\tc23.6,2.1,48.7,3.5,103.4-2.5c54.7-6,106.2-25.6,106.2-25.6V0H0v30.3c0,0,72,32.6,158.4,30.5c39.2-0.7,92.8-6.7,134-22.4\n\tc21.2-8.1,52.2-18.2,79.7-24.2C399.3,7.9,411.6,7.5,421.9,6.5z\"\/>\n<\/svg>\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-645a192 e-con-full e-flex e-con e-child\" data-id=\"645a192\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-c68a389 e-flex e-con-boxed e-con e-parent\" data-id=\"c68a389\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-411619a e-con-full e-flex e-con e-child\" data-id=\"411619a\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-0cd0f2d elementor-widget elementor-widget-text-editor\" data-id=\"0cd0f2d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tTo download the updated <b>Attestation Letter for the\u00a0HIPAA Security Risk Assessment<\/b>,\u00a0<a href=\"https:\/\/www.wildix.com\/wp-content\/uploads\/2026\/03\/HIPAA-Compliance-Statement-2026-Attestation-letter.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">click here<\/a>.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2900ef1 elementor-widget elementor-widget-text-editor\" data-id=\"2900ef1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tThis is a summary of key elements of the Security Rule including who is covered, what information is protected, and what safeguards must be in place to ensure appropriate protection of electronic protected health information.\u00a0 Because it is an overview of the Security Rule, it does not address every detail of each\u00a0provision.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c53629c elementor-widget elementor-widget-heading\" data-id=\"c53629c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Statutory and Regulatory Background<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ee76afa elementor-widget elementor-widget-text-editor\" data-id=\"ee76afa\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul>\n \t<li>The\u00a0<em>Administrative Simplification<\/em>\u00a0provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) required the Secretary of HHS to publish national standards for the security of electronic protected health information (e-PHI), electronic exchange, and the privacy and security of health information.<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-80e6ab2 elementor-widget elementor-widget-text-editor\" data-id=\"80e6ab2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tHIPAA called on the Secretary to issue security regulations regarding measures for protecting the integrity, confidentiality, and availability of e\u2011PHI that is held or transmitted by covered entities. HHS developed a proposed rule and released it for public comment on August\u00a012, 1998. The Department received approximately 2,350 public comments. The final regulation, the Security Rule, was published February 20, 2003.2\u00a0The Rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality, integrity, and availability of\u00a0e\u2011PHI.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6aa26d5 elementor-widget elementor-widget-text-editor\" data-id=\"6aa26d5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tThe text of the final regulation can be found at 45\u00a0CFR\u00a0<a href=\"https:\/\/www.access.gpo.gov\/nara\/cfr\/waisidx_07\/45cfr160_07.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Part 160<\/a>\u00a0and\u00a0<a href=\"https:\/\/www.access.gpo.gov\/nara\/cfr\/waisidx_07\/45cfr164_07.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Part\u00a0164<\/a>, Subparts\u00a0A and\u00a0C.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-df06326 elementor-widget elementor-widget-heading\" data-id=\"df06326\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Who is Covered by the Security\u00a0Rule<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3be48ed elementor-widget elementor-widget-text-editor\" data-id=\"3be48ed\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul>\n \t<li>The Security Rule applies to health plans, health care clearinghouses, and to any health care provider who transmits health information in electronic form in connection with a transaction for which the Secretary of HHS has adopted standards under HIPAA (the &#8220;covered entities&#8221;) and to their business associates.\u00a0<a href=\"https:\/\/www.cms.gov\/Regulations-and-Guidance\/Administrative-Simplification\/HIPAA-ACA\/AreYouaCoveredEntity.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">For help in determining whether you are covered, use CMS&#8217;s decision\u00a0tool.<\/a><\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c152435 elementor-widget elementor-widget-text-editor\" data-id=\"c152435\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tRead more about covered entities in the\u00a0<a href=\"https:\/\/www.hhs.gov\/sites\/default\/files\/ocr\/privacy\/hipaa\/understanding\/summary\/privacysummary.pdf\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Summary of the HIPAA Privacy Rule\u00a0\u2013 PDF\u00a0\u2013 PDF<\/a>.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-39e2dc7 elementor-widget elementor-widget-heading\" data-id=\"39e2dc7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Business Associates<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-92e8bf0 elementor-widget elementor-widget-text-editor\" data-id=\"92e8bf0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul>\n \t<li>The\u00a0<a href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/privacy\/laws-regulations\/combined-regulation-text\/omnibus-hipaa-rulemaking\/index.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Act of 2009<\/a>\u00a0expanded the responsibilities of business associates under the HIPAA Security Rule. HHS developed regulations to implement and clarify these changes.<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8ae7444 elementor-widget elementor-widget-text-editor\" data-id=\"8ae7444\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tSee additional guidance on\u00a0<a href=\"https:\/\/www.hhs.gov\/ocr\/privacy\/hipaa\/understanding\/coveredentities\/businessassociates.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">business\u00a0associates<\/a>.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-09e4c16 elementor-widget elementor-widget-heading\" data-id=\"09e4c16\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">What Information is Protected<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6243ae8 elementor-widget elementor-widget-text-editor\" data-id=\"6243ae8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul>\n \t<li><strong>Electronic Protected Health Information.<\/strong>\u00a0The HIPAA Privacy Rule protects the privacy of individually identifiable health information, called protected health information (PHI), as explained in the Privacy Rule and\u00a0<a href=\"https:\/\/www.hhs.gov\/sites\/default\/files\/ocr\/privacy\/hipaa\/understanding\/summary\/privacysummary.pdf\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">here\u00a0\u2013 PDF\u00a0\u2013 PDF<\/a>. The Security Rule protects a subset of information covered by the Privacy Rule, which is all individually identifiable health information a covered entity creates, receives, maintains or transmits in electronic form. The Security Rule calls this information &#8220;electronic protected health information&#8221; (e-PHI).3\u00a0The Security Rule does not apply to PHI transmitted orally or in writing.<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1b19d63 elementor-widget elementor-widget-heading\" data-id=\"1b19d63\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">General Rules<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d323f57 elementor-widget elementor-widget-text-editor\" data-id=\"d323f57\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul>\n \t<li>The Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI.<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bd02a9e elementor-widget elementor-widget-text-editor\" data-id=\"bd02a9e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tSpecifically, covered entities must:\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-96aff2e elementor-widget elementor-widget-text-editor\" data-id=\"96aff2e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ol>\n \t<li>Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit;<\/li>\n \t<li>Identify and protect against reasonably anticipated threats to the security or integrity of the information;<\/li>\n \t<li>Protect against reasonably anticipated, impermissible uses or disclosures; and<\/li>\n \t<li>Ensure compliance by their workforce.4\nThe Security Rule defines &#8220;confidentiality&#8221; to mean that e-PHI is not available or disclosed to unauthorized persons. The Security Rule&#8217;s confidentiality requirements support the Privacy Rule&#8217;s prohibitions against improper uses and disclosures of PHI. The Security rule also promotes the two additional goals of maintaining the integrity and availability of e-PHI. Under the Security Rule, &#8220;integrity&#8221; means that e-PHI is not altered or destroyed in an unauthorized manner. &#8220;Availability&#8221; means that e-PHI is accessible and usable on demand by an authorized person.5<\/li>\n<\/ol>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-455e43e elementor-widget elementor-widget-text-editor\" data-id=\"455e43e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tHHS recognizes that covered entities range from the smallest provider to the largest, multi-state health plan. Therefore the Security Rule is flexible and scalable to allow covered entities to analyze their own needs and implement solutions appropriate for their specific environments. What is appropriate for a particular covered entity will depend on the nature of the covered entity&#8217;s business, as well as the covered entity&#8217;s size and\u00a0resources.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ace9a99 elementor-widget elementor-widget-text-editor\" data-id=\"ace9a99\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tTherefore, when a covered entity is deciding which security measures to use, the Rule does not dictate those measures but requires the covered entity to consider:\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-aa1529a elementor-widget elementor-widget-text-editor\" data-id=\"aa1529a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul>\n \t<li>Its size, complexity, and capabilities,<\/li>\n \t<li>Its technical, hardware, and software infrastructure,<\/li>\n \t<li>The costs of security measures, and<\/li>\n \t<li>The likelihood and the possible impact of potential risks to e-PHI.6\nCovered entities must review and modify their security measures to continue protecting e-PHI in a changing environment.<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fa4fa72 elementor-widget elementor-widget-text-editor\" data-id=\"fa4fa72\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<b>To read the full Summary of the HIPPA Security Rule from the U.S. Department of Health &amp; Human Services,<\/b> <a href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/security\/laws-regulations\/index.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">click\u00a0here<\/a>.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-eb3c4ed elementor-widget elementor-widget-text-editor\" data-id=\"eb3c4ed\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tTo download the <b>2026 Attestation Letter for the\u00a0HIPAA Security Risk Assessment<\/b>,\u00a0<a href=\"https:\/\/www.wildix.com\/wp-content\/uploads\/2026\/03\/HIPAA-Compliance-Statement-2026-Attestation-letter.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">click here<\/a>.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-43cbe10 elementor-widget elementor-widget-text-editor\" data-id=\"43cbe10\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/www.iubenda.com\/en\/help\/22623-gdpr-vs-hipaa\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">GDPR vs HIPAA \u2013 What are the differences and how to comply<\/a>.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>To download the updated Attestation Letter for the\u00a0HIPAA Security Risk Assessment,\u00a0click here.This is a summary of key elements of the Security Rule including who is covered, what information is protected, and what safeguards must be in place to ensure appropriate protection of electronic protected health information.\u00a0 Because it is an overview of the Security Rule, [&hellip;]<\/p>\n","protected":false},"author":20,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"site-sidebar-layout":"no-sidebar","site-content-layout":"page-builder","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"disabled","ast-breadcrumbs-content":"","ast-featured-img":"disabled","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jet_sm_ready_style":"","_jet_sm_style":"","_jet_sm_controls_values":"","_jet_sm_fonts_collection":"","_jet_sm_fonts_links":"","footnotes":""},"class_list":["post-7930016","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>HIPAA Compliance | Wildix<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"HIPAA Compliance | Wildix\" \/>\n<meta property=\"og:description\" content=\"To download the updated Attestation Letter for the\u00a0HIPAA Security Risk Assessment,\u00a0click here.This is a summary of key elements of the Security Rule including who is covered, what information is protected, and what safeguards must be in place to ensure appropriate protection of electronic protected health information.\u00a0 Because it is an overview of the Security Rule, [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.wildix.com\/us\/hipaa-compliance\/\" \/>\n<meta property=\"og:site_name\" content=\"Wildix\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/groups\/wildixtechwizards\/?mibextid=6NoCDW\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-02T12:45:02+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@wildix_\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"HIPAA Compliance | Wildix","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"HIPAA Compliance | Wildix","og_description":"To download the updated Attestation Letter for the\u00a0HIPAA Security Risk Assessment,\u00a0click here.This is a summary of key elements of the Security Rule including who is covered, what information is protected, and what safeguards must be in place to ensure appropriate protection of electronic protected health information.\u00a0 Because it is an overview of the Security Rule, [&hellip;]","og_url":"https:\/\/www.wildix.com\/us\/hipaa-compliance\/","og_site_name":"Wildix","article_publisher":"https:\/\/www.facebook.com\/groups\/wildixtechwizards\/?mibextid=6NoCDW","article_modified_time":"2026-03-02T12:45:02+00:00","twitter_card":"summary_large_image","twitter_site":"@wildix_","twitter_misc":{"Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.wildix.com\/us\/hipaa-compliance\/","url":"https:\/\/www.wildix.com\/us\/hipaa-compliance\/","name":"HIPAA Compliance | Wildix","isPartOf":{"@id":"https:\/\/www.wildix.com\/us\/#website"},"datePublished":"2022-05-31T15:37:25+00:00","dateModified":"2026-03-02T12:45:02+00:00","breadcrumb":{"@id":"https:\/\/www.wildix.com\/us\/hipaa-compliance\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.wildix.com\/us\/hipaa-compliance\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.wildix.com\/us\/hipaa-compliance\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.wildix.com\/us\/"},{"@type":"ListItem","position":2,"name":"HIPAA Compliance"}]},{"@type":"WebSite","@id":"https:\/\/www.wildix.com\/us\/#website","url":"https:\/\/www.wildix.com\/us\/","name":"Wildix","description":"","publisher":{"@id":"https:\/\/www.wildix.com\/us\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.wildix.com\/us\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.wildix.com\/us\/#organization","name":"Wildix","url":"https:\/\/www.wildix.com\/us\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.wildix.com\/us\/#\/schema\/logo\/image\/","url":"https:\/\/www.wildix.com\/wp-content\/uploads\/2021\/09\/logo-1.svg","contentUrl":"https:\/\/www.wildix.com\/wp-content\/uploads\/2021\/09\/logo-1.svg","caption":"Wildix"},"image":{"@id":"https:\/\/www.wildix.com\/us\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/groups\/wildixtechwizards\/?mibextid=6NoCDW","https:\/\/x.com\/wildix_"]}]}},"clean_content":"To download the updated Attestation Letter for the\u00a0HIPAA Security Risk Assessment,\u00a0click here. This is a summary of key elements of the Security Rule including who is covered, what information is protected, and what safeguards must be in place to ensure appropriate protection of electronic protected health information.\u00a0 Because it is an overview of the Security Rule, it does not address every detail of each\u00a0provision. Statutory and Regulatory Background The\u00a0Administrative Simplification\u00a0provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) required the Secretary of HHS to publish national standards for the security of electronic protected health information (e-PHI), electronic exchange, and the privacy and security of health information. HIPAA called on the Secretary to issue security regulations regarding measures for protecting the integrity, confidentiality, and availability of e\u2011PHI that is held or transmitted by covered entities. HHS developed a proposed rule and released it for public comment on August\u00a012, 1998. The Department received approximately 2,350 public comments. The final regulation, the Security Rule, was published February 20, 2003.2\u00a0The Rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality, integrity, and availability of\u00a0e\u2011PHI. The text of the final regulation can be found at 45\u00a0CFR\u00a0Part 160\u00a0and\u00a0Part\u00a0164, Subparts\u00a0A and\u00a0C. Who is Covered by the Security\u00a0Rule The Security Rule applies to health plans, health care clearinghouses, and to any health care provider who transmits health information in electronic form in connection with a transaction for which the Secretary of HHS has adopted standards under HIPAA (the \u201ccovered entities\u201d) and to their business associates.\u00a0For help in determining whether you are covered, use CMS\u2019s decision\u00a0tool. Read more about covered entities in the\u00a0Summary of the HIPAA Privacy Rule\u00a0\u2013 PDF\u00a0\u2013 PDF. Business Associates The\u00a0Act of 2009\u00a0expanded the responsibilities of business associates under the HIPAA Security Rule. HHS developed regulations to implement and clarify these changes. See additional guidance on\u00a0business\u00a0associates. What Information is Protected Electronic Protected Health Information.\u00a0The HIPAA Privacy Rule protects the privacy of individually identifiable health information, called protected health information (PHI), as explained in the Privacy Rule and\u00a0here\u00a0\u2013 PDF\u00a0\u2013 PDF. The Security Rule protects a subset of information covered by the Privacy Rule, which is all individually identifiable health information a covered entity creates, receives, maintains or transmits in electronic form. The Security Rule calls this information \u201celectronic protected health information\u201d (e-PHI).3\u00a0The Security Rule does not apply to PHI transmitted orally or in writing. General Rules The Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI. Specifically, covered entities must: Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit; Identify and protect against reasonably anticipated threats to the security or integrity of the information; Protect against reasonably anticipated, impermissible uses or disclosures; and Ensure compliance by their workforce.4 The Security Rule defines \u201cconfidentiality\u201d to mean that e-PHI is not available or disclosed to unauthorized persons. The Security Rule\u2019s confidentiality requirements support the Privacy Rule\u2019s prohibitions against improper uses and disclosures of PHI. The Security rule also promotes the two additional goals of maintaining the integrity and availability of e-PHI. Under the Security Rule, \u201cintegrity\u201d means that e-PHI is not altered or destroyed in an unauthorized manner. \u201cAvailability\u201d means that e-PHI is accessible and usable on demand by an authorized person.5 HHS recognizes that covered entities range from the smallest provider to the largest, multi-state health plan. Therefore the Security Rule is flexible and scalable to allow covered entities to analyze their own needs and implement solutions appropriate for their specific environments. What is appropriate for a particular covered entity will depend on the nature of the covered entity\u2019s business, as well as the covered entity\u2019s size and\u00a0resources. Therefore, when a covered entity is deciding which security measures to use, the Rule does not dictate those measures but requires the covered entity to consider: Its size, complexity, and capabilities, Its technical, hardware, and software infrastructure, The costs of security measures, and The likelihood and the possible impact of potential risks to e-PHI.6 Covered entities must review and modify their security measures to continue protecting e-PHI in a changing environment. To read the full Summary of the HIPPA Security Rule from the U.S. Department of Health & Human Services, click\u00a0here. To download the 2026 Attestation Letter for the\u00a0HIPAA Security Risk Assessment,\u00a0click here. GDPR vs HIPAA \u2013 What are the differences and how to comply.","_links":{"self":[{"href":"https:\/\/www.wildix.com\/us\/wp-json\/wp\/v2\/pages\/7930016","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wildix.com\/us\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.wildix.com\/us\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.wildix.com\/us\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wildix.com\/us\/wp-json\/wp\/v2\/comments?post=7930016"}],"version-history":[{"count":3,"href":"https:\/\/www.wildix.com\/us\/wp-json\/wp\/v2\/pages\/7930016\/revisions"}],"predecessor-version":[{"id":8188416,"href":"https:\/\/www.wildix.com\/us\/wp-json\/wp\/v2\/pages\/7930016\/revisions\/8188416"}],"wp:attachment":[{"href":"https:\/\/www.wildix.com\/us\/wp-json\/wp\/v2\/media?parent=7930016"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}