Resources

Straight to the point. Link out to primary sources.

What HIPAA actually requires

Primary sources: HHS.gov summaries for the Privacy Rule, Security Rule, Right of Access, and OCR guidance.

Get a free 90‑day plan

FAQs

What does HIPAA actually require for training?

Privacy Rule requires training on your policies and procedures for PHI. Security Rule requires a security awareness and training program.

Do I need a Security Risk Analysis (SRA)?

Yes. Conduct an SRA and review it periodically, especially after major changes.