Many businesses are under the assumption that HIPAA laws and regulations apply only to hospitals and medical systems.

However, any company, practice, or organization that deals in any way with medical information must be compliant with HIPAA laws. This includes all firms that work with healthcare entities, whether on an internal or external basis.

Sarah Badahman, a HIPAA Compliance Specialist with Symvato, appeared on TNtv. She said HIPAA regulations apply to a large variety of firms, from small physician practices to accounting firms that deal with healthcare entities, legal firms, and even IT firms. This also applies to external billing companies.

Badahman said there are 18 identifiers that should be a point of focus for any business or individual. These pertain to anyone who maintains, accesses, or transmits a patient’s name, Social Security number, address, phone number, URL, or email address as part of regular business activities.

She says many firms have had their “head in the sand” in regard to HIPAA. However, the passing of the Omnibus Rule in 2013 is giving HIPAA enforcement more teeth and should sound an alarm for any company that is not current with the latest regulations.

Three Steps to HIPAA Compliance

Badahman detailed the three key steps a business could take to start a HIPAA compliance program and reduce risk. These include:

  1. Conduct a security risk analysis. She said a business owner can’t correct what they don’t know needs to be corrected. Companies like Symvato can help in this process.
  2. Identify all business associates. She indicated that once you know who they are, you can enter into an agreement that protects both the covered entity and the business associate from any breaches that may occur.
  3. Implement audit controls to make sure your firm is able to monitor any external viruses and that all medical information is protected from internal breaches.

For additional information on HIPAA policies and assessments visit

Watch the full interview with Sarah on TNTv below: