The Health Insurance Portability and Accountability Act (HIPAA) of 1996, its later revisions and additions, and any connected legislation must all be complied with to be considered HIPAA compliant. To maintain the security of patient data and comply with HIPAA Rules, covered entities and business partners with access to PHI are required to put administrative, physical, and technical protections in place.
A business cannot demonstrate HIPAA compliance with a single static standard. To accommodate the variety of types and sizes of covered entities and business partners that create, access, process, or store PHI and are therefore required to comply with HIPAA, the rules and standards of HIPAA are purposefully wide and adaptable. Organizations are in charge of continuously demonstrating that they adhere to all HIPAA regulations and procedures.