
What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for keeping patients’ medical information safe. This regulation provides security and data privacy requirements for organizations handling protected health information (PHI).


The largest HIPAA settlement to date 1


more exposed health records since 2017 2

Who must comply with HIPAA?

Simply put, anyone using PHI should keep that information safe. However, only certain individuals and organizations are required to comply with HIPAA. They include:





What are the key HIPAA areas identity governance addresses?

Security management policy
Identify and analyze potential risks to PHI and implement security policies to address vulnerabilities.

Information access management/access control
Implement policies and procedures for authorizing appropriate access to PHI.

Activity logs and audit controls
Implement hardware, software and/or processes to record and monitor access to electronic PHI.

Periodically assess security policies and procedures.

What if your organization doesn’t comply?

The cost of non-compliance can total millions of dollars. But failing to meet HIPAA security requirements can also lead to health data breaches that go beyond financial loss. Shutting down systems during the remediation process can prevent clinicians from providing their patients the care they need.

Why compliance is insufficient for healthcare cybersecurity


How to implement a governance-based approach in healthcare


How identity governance helps ensure HIPAA compliance

SailPoint’s cloud identity platform enables you to comply with HIPAA by:

  • Applying artificial intelligence/predictive analytics to monitor and identify unusual access behavior
  • Consistently enforcing access policies and applying controls to all applications containing PHI
  • Locating and securing HIPAA-related data stored in files
  • Automating periodic reviews of user access rights

How does our open cloud identity governance platform help your business?

We make it possible for you to see and control access to all apps and data for all users, including non-human ones like bots.