Question 1

What is HIPAA?

Accepted Answer

HIPAA is the US Health Insurance Portability and Accountability Act. It includes federal rules that protect the privacy and security of Protected Health Information held by covered entities and their business associates.

Question 2

Who is a covered entity?

Accepted Answer

Covered entities are health plans, health care clearinghouses and most health care providers that transmit health information electronically in connection with specific transactions.

Question 3

What is a business associate?

Accepted Answer

A business associate is a person or organisation that performs certain functions involving PHI on behalf of a covered entity. Business associates are directly liable for HIPAA Security Rule requirements and certain Privacy Rule requirements.

Question 4

What is PHI?

Accepted Answer

Protected Health Information is individually identifiable health information created, received, maintained or transmitted by a covered entity or business associate in any form or medium.

Question 5

What is the Privacy Rule?

Accepted Answer

The Privacy Rule establishes national standards for the use and disclosure of PHI, individual rights and the responsibilities of covered entities to protect health information.

Question 6

What is the Security Rule?

Accepted Answer

The Security Rule requires covered entities and business associates to implement administrative, physical and technical safeguards to protect the confidentiality, integrity and availability of electronic PHI.

Question 7

What is the Breach Notification Rule?

Accepted Answer

The Breach Notification Rule requires notifications to affected individuals, the Department of Health and Human Services and, in some cases, the media when unsecured PHI is breached.

Question 8

What is a BAA?

Accepted Answer

A Business Associate Agreement is a written contract that sets out the permitted and required uses of PHI by a business associate and requires it to implement appropriate safeguards.

Question 9

How does HIPAA relate to ISO 27001 and NIST?

Accepted Answer

HIPAA aligns well with ISO 27001 and NIST-based frameworks. Organisations often reuse their ISMS and NIST control baselines to meet HIPAA Security Rule requirements through mapped controls.

Question 10

How does Basenorm support HIPAA?

Accepted Answer

Basenorm centralises HIPAA controls, BAAs, risk analyses, breach workflows and vendor oversight, with mappings to ISO 27001, NIST and HITRUST within the Unified Control Library.

HIPAA Compliance
for Covered Entities and Business Associates

Privacy Rule and PHI Governance

Three Safeguard Categories

PHI Data Flow

Processing Activities

Security Rule Safeguards

Breach Notification and Business Associates

BAA Management

Ready to operationalise HIPAA?

Frequently Asked Questions

HIPAA Compliancefor Covered Entities and Business Associates

Privacy Rule and PHI Governance

Three Safeguard Categories

PHI Data Flow

Processing Activities

Security Rule Safeguards

Breach Notification and Business Associates

BAA Management

Ready to operationalise HIPAA?

Frequently Asked Questions

What is HIPAA?

Who is a covered entity?

What is a business associate?

What is PHI?

What does the Privacy Rule require?

What does the Security Rule require?

How does breach notification work?

What is a Business Associate Agreement?

How does HIPAA interact with ISO 27001 and NIST?

How does Basenorm support HIPAA compliance?

Related FAQ Topics

HIPAA Compliance
for Covered Entities and Business Associates