Updated 2025: Looking for a Business Associate Agreement? Download our FREE template

TotalHIPAA Logo

Guest Blog: Meet the HIPAA Police

This is another great guest blog from our friends at GRA Benefits:

The HIPAA police, a.k.a. the Department of Health and Human Services (HHS), are happy to meet you if you do any one or more of the following things:

  1. Do not encrypt your email
  2. Let a hacker access your customer database
  3. Leave completed client forms in a dumpster
  4. Share PHI with a subcontractor without an agreement
  5. Fail a carrier audit

If the HIPAA police do show up at your office. They will come with gifts – a fine for $100-$1.5 million and maybe even a warrant for your arrest. They will also post about you on their website, free publicity!

Odds are, you don’t want to meet the HIPAA police. Here are some tips to avoid them:

  1. Encrypt your email. While you’re at it, encrypt all your data-at-rest too. If you send an encrypted email to the wrong person, you could prevent the incident from becoming a breach.
  2. Set up a secure firewall, malware security software, and strong passwords. Adding multiple layers of security will further protect your information from a hacker attempting to access it.
  3. Shred it! Any type of media, including paper and electronic devices, should be properly destroyed. Client forms and other paper should be shredded. Old hard drives and computer equipment should be properly cleared or destroyed.
  4. Issue Business Associate Agreements (BAA) with any downstream entities that handle PHI on your behalf. This includes your IT vendor, shredding company, cleaning company, or possibly your building owner. The basic rule is if they have access to the information, you should have a BAA with them.
  5. Pass your carrier audit by conducting a risk analysis. Carriers are required to be aware of their business associates’ compliance standing, therefore many carriers are performing audits. If you fail, they could dissolve your contract and report you to HHS. Conducting a risk analysis will make the carrier audit process simple.

 

A risk analysis can be overwhelming and time-consuming. Hiring an outside vendor, such as GRA Benefits Group, makes the process quick and pain-free.

By: Bridgette O’Connor
Google+

Sharing is caring!

Looking for a Business Associate Agreement?

Download our free template to get started on your path toward HIPAA compliance.

Download Now

Want to stay informed?

Join our community, stay ahead of the curve on HIPAA compliance and receive free expert guidance.

Related Posts

The AI Evolution Across the HIPAA Ecosystem

The AI Evolution Across the HIPAA Ecosystem

As Artificial Intelligence becomes a standard business tool, HIPAA-regulated organizations must evolve their data security strategies. This guide explores how to leverage AI while maintaining compliance through robust Business Associate Agreements (BAAs), thorough risk assessments, and alignment with the NIST AI Risk Management Framework.

Step-by-Step: Establishing a BAA with Google for HIPAA

Step-by-Step: Establishing a BAA with Google for HIPAA

Think signing a BAA with Google is the final step in your HIPAA journey? Think again. While Google Workspace offers the infrastructure for compliance, the responsibility of configuration lies with you. From navigating the 2026 Gemini AI updates to aligning with new 42 CFR Part 2 requirements, our step-by-step guide walks you through exactly how to establish a BAA and—more importantly—what steps you must take next to remain protected.

Is OneDrive HIPAA Compliant? Your Guide to Secure File Storage

Is OneDrive HIPAA Compliant? Your Guide to Secure File Storage

While OneDrive offers secure infrastructure, HIPAA compliance is a shared responsibility. To use OneDrive for PHI in the U.S., you must execute a BAA, enable Multi-Factor Authentication, and disable public sharing. Using a personal or “Family” account is a violation of HIPAA rules. Follow our guide to secure your cloud storage and schedule a Clarity Call for expert guidance.

Save & Share Cart
Your Shopping Cart will be saved and you'll be given a link. You, or anyone with the link, can use it to retrieve your Cart at any time.
Save Cart & Generate Link
Send Cart in an Email Done! close
Empty cart. Please add products before saving :)

Back Save & Share Cart
Your Shopping Cart will be saved with Product pictures and information, and Cart Totals. Then send it to yourself, or a friend, with a link to retrieve it at any time.
Send Cart Email
Your cart email sent successfully :)