The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for keeping patients' medical information safe. This regulation establishes security and data privacy requirements for organizations that handle protected health information (PHI).


The largest HIPAA settlement to date 1


more exposed health records since 2017 2

Who must comply with HIPAA?

Simply put, anyone using PHI should keep that information safe. However, only certain individuals and organizations are required to comply with HIPAA. They include:

How can SailPoint help you comply with HIPAA?

Our open cloud identity governance platform makes it easy for you to stay compliant by seeing and controlling access to all your apps and data for every user, including bots.


  1. U.S. Department of Health & Human Services, Press Release, October 15, 2018.
  2. HIPAA Journal, “2019 Data Breach Barometer Report Shows Massive Increase in Exposed Healthcare Records,” February 13, 2019.

What are the key HIPAA areas identity governance addresses?

Security management policy

Identify and analyze potential risks to PHI, and implement security policies and measures that address the vulnerabilities found.

Information access management/access control

Implement policies and procedures for authorizing appropriate access to PHI.

Activity logs and audit controls

Implement hardware, software and/or processes to record and monitor access to electronic PHI.


Periodically assess security policies and procedures.

What if your organization doesn’t comply?

The cost of non-compliance can total millions of dollars. But failing to meet HIPAA security requirements can also lead to health data breaches that go beyond financial loss. Shutting down systems during the remediation process can prevent clinicians from providing their patients the care they need.

Make sure you’re compliant with HIPAA.

Learn how SailPoint can help.