Skip to content
ZxR Cyber Sentinel 4.1 is available — Discover our AI models
HIPAALawInternationalMandatory

HIPAA

Authority : HHS
18 standards
Overview

What is HIPAA ?

HIPAA (Health Insurance Portability and Accountability Act) is the US federal law that defines protection requirements for Protected Health Information (PHI). It applies to covered entities (healthcare providers, health plans, clearinghouses) and their business associates. HIPAA includes the Security Rule (administrative, physical, and technical safeguards for ePHI), the Privacy Rule (patient rights and permitted uses of PHI), and the Breach Notification Rule (notification obligations in case of breach). Penalties can reach $2.1 million per violation category.

Key Points

  • Security Rule: administrative safeguards (policies, training, access management), physical (facility controls, workstations), and technical (encryption, audit trails, access control)
  • Privacy Rule: patient rights (access, amendment, restriction), minimum necessary, authorizations
  • Breach Notification Rule: notification within 60 days to individuals, HHS, and media (if more than 500 individuals affected)
  • Mandatory Business Associate Agreements (BAA) for any subcontractor accessing PHI
  • Mandatory risk analysis and documentation of the risk management plan

Why Zaxyr

Zaxyr automates HIPAA compliance by collecting evidence of administrative, physical, and technical safeguards from your healthcare systems. The platform tracks Security Rule, Privacy Rule, and Breach Notification Rule requirements, and provides native mapping to SOC 2 and ISO 27001 for multi-certified organizations.

Start Your Compliance Journey

Get a personalized compliance assessment. Our team will guide you through.