HIPAA was enacted in 1996 to provide data privacy and security provisions for safeguarding medical information. By 2017, 86% of office-based physicians had digitized their patient health records. To provide standards for their confidentiality, integrity and security, the U.S. Department of Health and Human Services (HHS) issued the HIPAA Security Rule. Compliance with this rule is widely regarded as a best practice for securing electronic protected health information (ePHI).

What is the HIPAA Security Rule?

The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of ePHI.

How can SailPoint help you comply with HIPAA?

Our open cloud identity governance platform makes it easy for you to stay compliant by seeing and controlling access to all your apps and data for every user.


What are the key HIPAA areas identity governance addresses?

Protect ePHI integrity

Identify and analyze potential risks to ePHI and implement governance, risk and compliance policies to address vulnerabilities.

Information access management/access control

Know who has access to what applications and data, and how that access is being used.

Activity logs and audit controls

Reduce the cost of compliance by automatically generating audit trails and access reports on all key applications and data.


Periodically assess security policies and procedures.

How identity governance helps ensure HIPAA compliance.

  • Apply artificial intelligence/predictive analytics to monitor and identify unusual access behavior
  • Consistently enforce access policies and apply controls to all applications containing ePHI
  • Locate and secure structured and unstructured ePHI regardless of where it is stored
  • Automate periodic reviews of user access rights

What if your organization doesn’t comply?

The cost of non-compliance can total millions of dollars. But failing to meet HIPAA security requirements can also lead to health data breaches that go beyond financial loss.

Make sure you’re compliant with HIPAA.

Learn how SailPoint can help.
