Industry-leading compliance

Sign and send documents for signing with industry-leading security and global compliance standards.

Choose a better solution

Approve, deliver, track, and store documents using any device.

What is HIPAA compliance?

HIPAA is an acronym for the Health Insurance Portability and Accountability Act. It's a US federal statute that sets out a collection of standards for protecting sensitive patient information. It regulates the use of Personal Health Information (PHI), its safe storage, and its protection from theft or misuse. The law covers physical, administrative, and technical safeguards for PHI security. The physical level involves, for example, ensuring that healthcare staff lock laptops away when leaving them. Administrative measures involve creating internal policies and rules for staff on how they keep medical data safe. Meeting HIPAA compliance on a technical level means that everyone who handles confidential medical data and PHI must use programs and tools that apply strong data encryption.

Who has to be HIPAA compliant?

According to the law, all hospitals, clinics, other healthcare institutions, healthcare insurance companies, and organizations dealing with them must meet HIPAA compliance. The Act defines healthcare-related institutions that provide medical care as Covered Entities. Apart from them, the Act requires Business Associates to meet HIPAA requirements as well. These are companies that deliver services to hospitals and other healthcare-related institutions and are likely to have access to patients' personal and medical information (e.g., Internet providers, IT companies, legal firms, accounting companies, etc.). In other words, everyone who is able to access PHI.

What are the main rules for HIPAA compliance?

HIPAA compliance involves organizations following numerous rules and standards. Here are the four main rules you should be aware of and strictly follow to become compliant with HIPAA regulations:
  • Privacy Rule. It establishes that patients have the right to have their private information well protected. It states what PHI data must be safeguarded and what security precautions must be in place. The HIPAA Privacy Rule guarantees that any records on a patient's medical conditions, treatment, and payments for care (whether past, present, or future) are subject to privacy.
  • Security Rule. It outlines the mechanisms of PHI data protection, comprising physical, administrative, and technical safeguards. These rules apply to both Covered Entities and Business Associates. Physical measures ensure the physical security of the equipment (devices) used for processing and storing PHI. Administrative rules include internal policies, staff training, risk evaluation, etc. The technical safeguards involve encrypting the data and networks used, keeping audit trails of every PHI view and manipulation, and automatically logging users out after a set period of inactivity.
  • Breach Notification Rule. This one determines how organizations must act in case of any HIPAA breach. Different steps must be taken depending on how harmful the breach was and how many records it affected. In all cases, organizations must notify both patients and the HHS about every violation that occurred.
  • Omnibus Rule. This rule is one of the most recent ones and applies to Business Associates regarding their HIPAA compliance. It requires Covered Entities to sign BAAs (Business Associate Agreements) with third parties who store or transmit data related to patients' PHI.

How to get HIPAA compliance in airSlate SignNow

airSlate SignNow meets all HIPAA compliance regulations, which makes it a suitable solution for healthcare institutions to sign their medical-related documents. It ensures a high level of data protection for storage and sending, using AES-256 encryption. Plus, the Audit Trail function allows medical staff and healthcare-related organizations to track every action taken on PHI documents. To start working under HIPAA compliance in airSlate SignNow, you should contact our Support team. They'll switch on the functionality manually for you. HIPAA compliance is active when the Invite to Sign option is inactive.

What are the penalties for HIPAA compliance violations?

Penalties for HIPAA violations depend on the situation and on state-specific rules. They can involve either administrative penalties (fines) or criminal penalties (arrest and imprisonment). Fines vary a lot and depend on how harmful the security breach was. When a violation is committed accidentally, organizations can receive a fine of up to $50,000 per case or per record. However, if it turns out that the breach was willful (with malicious intent), then the punishment is more severe, including heavy fines of up to $250,000 and imprisonment for a maximum of 10 years. Thus, a lack of data protection, stolen devices, discussing or sending PHI to unauthorized people, or stealing PHI data is all detrimental.

Take action to prevent HIPAA violations:

  • regularly hold HIPAA compliance training sessions with your staff;
  • ensure your software is updated to keep data encrypted;
  • never leave files or devices with PHI data out in the open and unattended;
  • ensure all paper and digital documentation containing any information about patients is securely stored;
  • don’t discuss patient information with unauthorized people: in SMS, messengers, or on social media;
  • don’t share your login credentials, even with colleagues;
  • immediately report any violations to your HIPAA compliance officer.

What is HIPAA compliance training?

HIPAA compliance requires companies and organizations that have signed a BAA to arrange consistent annual training for employees on HIPAA. During the training sessions, it's important to remind your staff about Personal Health Information, the principles of using and securely storing it, and the measures to be taken when noticing HIPAA violations. Organizations need to hold yearly HIPAA training to re-examine staff.