Health Insurance Portability and Accountability Act

What is HIPAA?

HIPAA is an information security standard aimed to protect patient data healthcare organizations are entrusted with. It is closely regulated by the Office for Civil Rights (OCR).

How Does FRSecure Approach HIPAA Engagements?

Like many security standards, it all starts with doing the basics right. FRSecure starts with a risk assessment—giving you an in-depth look at where your strengths and weaknesses are as it relates to protecting patient data.

HIPPA: Health Insurance Portability and Accountability Act

HIPAA Processes

A HIPAA and OCR engagement starts with a risk assessment. We take a holistic view of your security program while simulastaneously mapping to OCR protocols and satisfying MACRA MIPS.

Because FRSecure risk assessments map directly to OCR protocols, each report shows all OCR controls and where your organization does or does not comply. Also, looking at your security program in total, the gap analysis shows the checkbox compliance gaps as well as general security best practice gaps.

Knowing where your gaps are in OCR protocols, FRSecure provides you with detailed remediation steps to help you fill any compliance gaps you may have.

Retesting is an important component of remediation. Your organization should be able to understand how each remediation effort impacts its overall security program. With an FRSecure risk assessment, the adjustments you make to your remediation report will immediately update your risk assessment and OCR mapping.


The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the United States Congress.

All healthcare providers in the United States need to be HIPAA compliant. This includes hospitals, doctors, clinics, psychologists, dentists, chiropractors, nursing homes, and pharmacies.

To comply with HIPAA, general security best practices come into play. This includes adhering to and implementing required technical, administrative, and physcial safeguards.