The assumed answer is HIPAA. To clarify, HIPAA is an act of Congress, not a governing body of any sort. Its rules are enforced by the U.S. Department of Health & Human Services (HHS) through its Office for Civil Rights (OCR), and, since the HITECH Act, by state Attorneys General. No other entity enforces HIPAA. Beyond enforcement, it acts as the standard for the healthcare industry and is used as the measuring stick for due diligence.
An organization that is HIPAA compliant has completed the appropriate audits, documented the appropriate policies and procedures, had a qualified expert conduct a risk analysis, trained its workforce on how to handle protected health information (PHI), signed business associate agreements with the vendors that handle PHI on its behalf, and enforced diligent security practices day to day. Does this sound like your business? Chances are that if you are reading this blog, you are not so sure.
Unfortunately, with HIPAA you are either compliant or you are not. There is no official HIPAA certification; OCR judges compliance after the fact, usually while investigating a complaint or a breach report, and most businesses are failing that test. In this blog we will cover the fundamentals of compliance and the key areas where organizations are having trouble.
A complex set of regulations like HIPAA requires constant work to keep up to date within an organization. With requirements ranging from recurring audits and risk analysis to workforce training to vendor management, it is not a task that most healthcare organizations can devote the time to. An organization must be more than merely familiar with the rules: it must study enforcement actions against other organizations, stay current with changes to the rules, update its policies accordingly, and know cyber security well. This raises the question: who is handling HIPAA for you, and are they up to the task?