
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a federal law to prevent abuses of personal health information (PHI), including unauthorized access. It is administered by the U.S. Department of Health and Human Services (HHS) and is enforced by the U.S. Office of Civil Rights. The bill ensures that health care organizations in the United States, both large and small, will be responsible for the secure electronic transmission and the safe storage and disposal of patient information.

Institutions that must comply with HIPAA are called "Covered Entities". Covered Entities include any organization or individual who retains or collects health-related information. This includes the larger institutions such as hospitals, medical centers, and insurance companies.
There are also "Small Covered Entities". The Small Covered Entities include: Doctors, Dentists, Chiropractors, Psychiatrists, Psychologists, Counselors, Urgent Care Centers, Collection Agencies, Billing Centers, Physical Therapists and more.

According to HIPAA, EVERY Covered Entity, no matter the size, must have documented policies defining the reasonable measures it has instituted to prevent unauthorized access.


Noncompliance with HIPAA may have devastating consequences. It opens you up to severe fines and penalties as well as harmful publicity and litigation.

Noncompliance may result in:

  • Up to $25,000 a year in civil fines

  • Up to 10 years in prison and criminal penalties reaching $250,000