
5 Simple HIPAA Compliance Tips for Business Associates


The best way to break down what HIPAA is and does comes from an article by Bicscobing and Sutner titled “HIPAA (Health Insurance Portability and Accountability Act)”, which states:

“HIPAA (Health Insurance Portability and Accountability Act of 1996) is United States legislation that provides data privacy and security provisions for safeguarding medical information. The law has emerged into greater prominence in recent years with the proliferation of health data breaches caused by cyberattacks and ransomware attacks on health insurers and providers….

HIPAA defines a business associate as any organization or person working in association with or providing services to a covered entity who handles or discloses PHI or personal health records (PHR). Examples of business associates include accounting or consulting firms that work with covered entities, such as hospitals or doctors, or any number of other organizations that have or could have access to PHI or PHR.”

With data breaches growing in number every year, it is up to each organization to stay current on HIPAA training and on ongoing changes to the rules. Let’s look at some tips you can put into practice in your business to become, and stay, HIPAA compliant.


1. Familiarize Yourself with HIPAA Terminology

This may go without saying, but the more you know, the better off you are. Taking some time for a refresher is always worthwhile and will make you and your staff more knowledgeable about the do’s and don’ts of HIPAA. Knowing the difference between a covered entity and a business associate, and what counts as protected health information (PHI), is the foundation for everything else on this list.

Here’s a great definition index article that covers HIPAA and HITECH terms.

2. Get a HIPAA Business Associate Agreement Signed

This rule is simple. If you have access to PHI, outsource services that involve PHI, or partner with someone who will have access to PHI, you need a business associate agreement (BAA) in place with that individual or organization. The BAA not only protects sensitive patient data but also spells out the obligations of every party that handles it, including your own subcontractors. If you don’t have these in place, do so now. If you do, review each BAA to make sure it matches your current HIPAA policies and procedures, and keep a list of which vendors hold PHI so no relationship is missed.

Need a sample BAA? Check out this free version from DHHS.

3. Consider Using G Suite (Gmail for Business) for All Email Correspondence

The main reason for this is that G Suite can be run in a HIPAA-compliant way: Google will sign a BAA with its paying G Suite customers, and PHI is then permitted in the covered core services such as Gmail, Drive, Sites, Keep, and Calendar. Two caveats matter in practice. First, an administrator has to accept Google’s BAA in the admin console before any PHI goes into the domain; a free consumer Gmail account is never covered. Second, the BAA covers only the services Google lists, so PHI should not be put into services outside that list. For $5 per user per month (the price quoted when this was written), the subscription gives you a covered platform for email and cloud storage, but the subscription alone does not make you compliant; you still have to configure the domain according to Google’s guidance and train the people using it.

For more information on the G-Suite and HIPAA, check out their implementation guide.

4. Invest in Workforce Training

Like any business, training for your organization, or even just for yourself, pays off in performance, awareness, and professional structure. With HIPAA there is no official, government-recognized certification to obtain; the point is to follow the rules closely and be able to show that you do. Training is not optional, either: the Security Rule requires a security awareness and training program for the workforce, and since the HITECH changes it applies to business associates as well as covered entities. We recommend combining several HIPAA training resources: an online HIPAA training course, a HIPAA policies and procedures handbook written for your own organization, a HIPAA incident and breach response plan for emergencies, and professional development workshops for your staff. Keep records of who was trained and when, since that is what an auditor will ask for.


5. Add Extra Security with Two-Factor Authentication

CNET describes two-factor authentication (2FA) as an extra step added to your basic login procedure. Without 2FA you enter a username and password and you’re done; the password is your single factor of authentication. The second factor is something you have (a phone app, a hardware key, or a one-time code) in addition to something you know, so a password that has been stolen, phished, or reused from another breach is no longer enough on its own to get into the account.

In practice this feature keeps your accounts secure, lowers the likelihood of PHI being exposed through a compromised login, and can usually be found under the account or security settings of the service. Not every program or service offers it. Where it is missing, regularly changing your password only partly offsets the gap; a long, unique password for that service (a password manager makes this practical), changed promptly if you suspect compromise, does more, and it is worth asking whether a service that cannot protect a login should be holding PHI at all.

We recommend using each service’s built-in 2FA option where one exists. Common second-factor apps and services include Duo Security, Google Authenticator, Microsoft Authenticator, and others. Prefer an authenticator app or a hardware security key over codes sent by SMS, which can be intercepted or redirected through SIM swapping.



Resources & Credits:
“Any trademarks, logos, or links (sources) used throughout this blog are the property of their respective owners.”

“This article is a tool we use in efforts to improve security and compliance with HIPAA, PCI, GLBA, and state privacy laws. It is not legal advice, nor is it meant to represent entire guidelines of what must be done to achieve compliance. The recommendations in this article are meant for informational purposes only and should not replace a legal opinion or review from a qualified privacy and/or security expert. Users of this article are encouraged to research and implement data protection and legal compliance according to their own interpretation.”

