Mental Health News Radio

Easy Steps for HIPAA Security

Print Friendly, PDF & Email

Understanding HIPAA security standards is an important element in becoming HIPAA compliant. HIPAA regulation mandates that covered entities, such as physicians, insurance companies, and health care clearinghouses, implement an effective compliance program that addresses the full spectrum of security standards to safeguard patient health data.

Listen to our podcast with CEO Marc Haskelson.

When it comes to HIPAA security, there are three major components that must be addressed within your practice to keep protected health information (PHI) secure. PHI is sensitive patient health data such as names, dates of birth, social security numbers, and medical records, among other pieces of demographic information.

Below, we discuss the basic elements of the HIPAA Security Rule so you can understand how a total HIPAA compliance program can help defend your behavioral health practice against data breaches and fines.

Physical Security

Physical HIPAA security is important because it involves protecting your office or physical location. PHI that is stored in paper form must be properly protected. That means that health records must be kept in a secure location such as a locked filing cabinet or locked room. Only authorized employees should be able to access these records to execute work they’ve been hired to do.

Additionally, physical security requirements extend to general site access. Entrances and exits must be secured and locked to prevent break-ins and unlawful entries to the site that could compromise PHI.

Technological Security

Technological HIPAA security is essential to protecting electronic PHI (ePHI). All devices that access, store, handle, or maintain ePHI must be regularly inventoried. These devices must be equipped with high-security passwords and full-disc encryption for extra protection.

Additionally, networks must be able to weather malware and cyber-attacks. Depending on the scope of your behavioral health practice, you may need to implement a firewall to safeguard patient information from unlawful access.

Administrative Security

Administrative HIPAA security involves tracking and documenting your practice’s security polices and procedures. You must have written documentation of the standards you’ve adopted to address HIPAA security requirements. In the event that your behavioral health practice experiences a data breach or HIPAA fine, you must be able to present federal investigators with this documentation.

It’s essential to keep this information updated regularly to ensure that ongoing HIPAA security measures are being maintained.


Compliancy Group gives behavioral health professionals confidence in their HIPAA compliance with The Guard™. The Guard is a web-based HIPAA compliance solution, built by former auditors to help simplify compliance.

Compliancy Group’s team of expert Compliance Coaches™ field questions and guide users through the implementation process, taking the stress out of managing compliance. The Guard is built to address the full extent of HIPAA regulation, including the HIPAA Security and Privacy Rules.

With The Guard, behavioral health professionals can focus on running their practice while keeping their patients’ data protected and secure.

Find out more about how Compliancy Group can help simplify your HIPAA compliance today!



Mental Health News RadioListen to Stitcher