{"id":505,"date":"2022-01-07T07:30:02","date_gmt":"2022-01-07T07:30:02","guid":{"rendered":"https:\/\/www.wellreceived.com\/blog\/?p=505"},"modified":"2025-10-09T12:58:46","modified_gmt":"2025-10-09T12:58:46","slug":"three-main-components-of-hipaa","status":"publish","type":"post","link":"https:\/\/www.wellreceived.com\/blog\/three-main-components-of-hipaa\/","title":{"rendered":"What are the HIPAA rules?"},"content":{"rendered":"\n<p><strong>The Health Insurance Portability and Accountability Act (HIPAA)<\/strong> was introduced as a federal law in 1996 with the main goal of <a href=\"https:\/\/www.wellreceived.com\/features\/HIPAA-compliant-answering-service\" target=\"_blank\" rel=\"noreferrer noopener\">protecting patient health information<\/a> at a time when paper was transitioning to an electronic format.<\/p>\n\n\n\n<p>These regulations provide guidance for the appropriate uses and disclosures of protected health information (PHI). Healthcare providers that transmit information\u2014along with workers acting on behalf of covered entities\u2014must comply. Along with properly protecting patient information, HIPAA benefits the healthcare industry by ensuring efficient sharing of information needed to provide high quality health care.<\/p>\n\n\n\n<p>Having a national standard for recording and exchanging information between healthcare providers and other appropriate parties acts as a safeguard to protect sensitive personal information.<\/p>\n\n\n\n<p>What are the HIPAA rules? <strong>HIPAA lists 3 main components<\/strong> for compliance. They cover administrative, physical, and technical safeguards.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What are the three rules of HIPAA?<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"580\" src=\"https:\/\/storage.googleapis.com\/wr_blog\/1\/2022\/01\/14-min-1.png\" alt=\"patient privacy systems\" class=\"wp-image-646\" srcset=\"https:\/\/storage.googleapis.com\/wr_blog\/1\/2022\/01\/14-min-1.png 1024w, https:\/\/storage.googleapis.com\/wr_blog\/1\/2022\/01\/14-min-1-300x170.png 300w, https:\/\/storage.googleapis.com\/wr_blog\/1\/2022\/01\/14-min-1-768x435.png 768w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Privacy rule<\/h3>\n\n\n\n<p><strong>The HIPAA privacy rule sets a national standard for ensuring the confidentiality and integrity of a patient&#8217;s information<\/strong>. The main goal is to ensure a balance between keeping patient information secure and the flexibility of permitted use to deliver top quality care. Covered entities that must follow HIPAA privacy regulations are also defined, alongside patients&#8217; rights over their personal healthcare information.&nbsp; The Department of Health and Human Services enforce HIPAA rules, and all employees must be trained on these policies and procedures annually.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"580\" src=\"https:\/\/storage.googleapis.com\/wr_blog\/1\/2022\/01\/12-min.png\" alt=\"patient security issues\" class=\"wp-image-647\" srcset=\"https:\/\/storage.googleapis.com\/wr_blog\/1\/2022\/01\/12-min.png 1024w, https:\/\/storage.googleapis.com\/wr_blog\/1\/2022\/01\/12-min-300x170.png 300w, https:\/\/storage.googleapis.com\/wr_blog\/1\/2022\/01\/12-min-768x435.png 768w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">The security rule<\/h3>\n\n\n\n<p>The<strong> HIPAA security rule<\/strong> states that covered entities must analyze and implement effective security measures to safeguard patient data. This rule doesn&#8217;t specifically set out exact measures that must be taken, but outlines certain considerations, for example:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The use of adequate technical hardware and software\u00a0<\/li>\n\n\n\n<li>The likelihood of security breach\u00a0<\/li>\n\n\n\n<li>Continual review of procedures<\/li>\n<\/ul>\n\n\n\n<p>Alongside these recommendations, the security rule also requires the implementation of safeguards that cover administrative, physical, and technical aspects of security.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"580\" src=\"https:\/\/storage.googleapis.com\/wr_blog\/1\/2022\/01\/15-min.png\" alt=\"doctor logging in a security matter\" class=\"wp-image-648\" srcset=\"https:\/\/storage.googleapis.com\/wr_blog\/1\/2022\/01\/15-min.png 1024w, https:\/\/storage.googleapis.com\/wr_blog\/1\/2022\/01\/15-min-300x170.png 300w, https:\/\/storage.googleapis.com\/wr_blog\/1\/2022\/01\/15-min-768x435.png 768w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">The breach notification rule<\/h3>\n\n\n\n<p><strong>The HIPAA breach notification rule requires covered entities<\/strong> to notify patients if their personal health information (PHI) has been breached. If data has been compromised, covered entities should use a 4-factor test to assess whether the risk is on a low or greater-than-low threshold.&nbsp;<\/p>\n\n\n\n<p>The four parts of the test are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Type of PHI involved and to what extent\u00a0<\/li>\n\n\n\n<li>Identity of the unauthorized parties who used the PHI or to whom the disclosure was made<\/li>\n\n\n\n<li>Whether the PHI was acquired or viewed<\/li>\n\n\n\n<li>Mitigation of risk<\/li>\n<\/ul>\n\n\n\n<p>If there has been an obvious compromise, covered entities are under no obligation to carry out the 4-factor test and can notify patients immediately. Covered entities have up to 60 days to notify those involved.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">HIPAA rules\u2014security safeguards<\/h2>\n\n\n\n<p><strong>Offering your patients a HIPAA-compliant service through video, chat, and by phone maintains a crucial level of trust.<\/strong> Here at WellReceived, we\u2019re proud to be HIPAA compliant, and our <a rel=\"noreferrer noopener\" href=\"https:\/\/www.wellreceived.com\/services\/virtual-medical-receptionist\" target=\"_blank\">virtual medical receptionists <\/a>are trained to take every message in accordance with HIPAA standards. They complete multiple training courses in call-handling practices.<\/p>\n\n\n\n<p>If you would like to know more about HIPAA and WellReceived services you can contact us 24\/7\/365.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<div style=\"text-align: center;\">\n  <a href=\"https:\/\/wrsales.setmore.com\/\" style=\"display: inline-block; padding: 12px 24px; background-color: #4A8DFF; font-family: 'Inter', Arial, Helvetica, sans-serif; color: #FFFFFF; text-decoration: none; border-radius: 50px; font-size: 16px; line-height: 24px; font-weight: 600; margin: 0 0 40px;\" target=\"_blank\" rel=\"noopener\">Book your free consultation<\/a>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>The Health Insurance Portability and Accountability Act (HIPAA) was introduced as a federal law in 1996&#8230;<\/p>\n","protected":false},"author":4,"featured_media":647,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[],"class_list":["post-505","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-how-it-works"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>What Are The 3 Main Components Of HIPAA Compliance? - WellReceived Blog<\/title>\n<meta name=\"description\" content=\"Discover the essential elements of HIPAA compliance, including Privacy, Security, and Breach Notification Rules, to ensure the protection of patient information.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.wellreceived.com\/blog\/three-main-components-of-hipaa\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What Are The 3 Main Components Of HIPAA Compliance? - WellReceived Blog\" \/>\n<meta property=\"og:description\" content=\"Discover the essential elements of HIPAA compliance, including Privacy, Security, and Breach Notification Rules, to ensure the protection of patient information.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.wellreceived.com\/blog\/three-main-components-of-hipaa\/\" \/>\n<meta property=\"og:site_name\" content=\"WellReceived Blog\" \/>\n<meta property=\"article:published_time\" content=\"2022-01-07T07:30:02+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-10-09T12:58:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/storage.googleapis.com\/wr_blog\/1\/2022\/01\/12-min.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"580\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Terri Phillips\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Terri Phillips\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.wellreceived.com\/blog\/three-main-components-of-hipaa\/\",\"url\":\"https:\/\/www.wellreceived.com\/blog\/three-main-components-of-hipaa\/\",\"name\":\"What Are The 3 Main Components Of HIPAA Compliance? - WellReceived Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.wellreceived.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.wellreceived.com\/blog\/three-main-components-of-hipaa\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.wellreceived.com\/blog\/three-main-components-of-hipaa\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/storage.googleapis.com\/wr_blog\/1\/2022\/01\/12-min.png\",\"datePublished\":\"2022-01-07T07:30:02+00:00\",\"dateModified\":\"2025-10-09T12:58:46+00:00\",\"author\":{\"@id\":\"https:\/\/www.wellreceived.com\/blog\/#\/schema\/person\/9a9e18c82711f0e389a303838298e18d\"},\"description\":\"Discover the essential elements of HIPAA compliance, including Privacy, Security, and Breach Notification Rules, to ensure the protection of patient information.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.wellreceived.com\/blog\/three-main-components-of-hipaa\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.wellreceived.com\/blog\/three-main-components-of-hipaa\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.wellreceived.com\/blog\/three-main-components-of-hipaa\/#primaryimage\",\"url\":\"https:\/\/storage.googleapis.com\/wr_blog\/1\/2022\/01\/12-min.png\",\"contentUrl\":\"https:\/\/storage.googleapis.com\/wr_blog\/1\/2022\/01\/12-min.png\",\"width\":1024,\"height\":580,\"caption\":\"Securing telehealth data\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.wellreceived.com\/blog\/three-main-components-of-hipaa\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.wellreceived.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How it works\",\"item\":\"https:\/\/www.wellreceived.com\/blog\/category\/how-it-works\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"What are the HIPAA rules?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.wellreceived.com\/blog\/#website\",\"url\":\"https:\/\/www.wellreceived.com\/blog\/\",\"name\":\"WellReceived Blog\",\"description\":\"WellReceived Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.wellreceived.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.wellreceived.com\/blog\/#\/schema\/person\/9a9e18c82711f0e389a303838298e18d\",\"name\":\"Terri Phillips\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.wellreceived.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/cdff767c73137176cc289865683e192d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/cdff767c73137176cc289865683e192d?s=96&d=mm&r=g\",\"caption\":\"Terri Phillips\"},\"url\":\"https:\/\/www.wellreceived.com\/blog\/author\/terri\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What Are The 3 Main Components Of HIPAA Compliance? - WellReceived Blog","description":"Discover the essential elements of HIPAA compliance, including Privacy, Security, and Breach Notification Rules, to ensure the protection of patient information.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.wellreceived.com\/blog\/three-main-components-of-hipaa\/","og_locale":"en_US","og_type":"article","og_title":"What Are The 3 Main Components Of HIPAA Compliance? - WellReceived Blog","og_description":"Discover the essential elements of HIPAA compliance, including Privacy, Security, and Breach Notification Rules, to ensure the protection of patient information.","og_url":"https:\/\/www.wellreceived.com\/blog\/three-main-components-of-hipaa\/","og_site_name":"WellReceived Blog","article_published_time":"2022-01-07T07:30:02+00:00","article_modified_time":"2025-10-09T12:58:46+00:00","og_image":[{"width":1024,"height":580,"url":"https:\/\/storage.googleapis.com\/wr_blog\/1\/2022\/01\/12-min.png","type":"image\/png"}],"author":"Terri Phillips","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Terri Phillips","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.wellreceived.com\/blog\/three-main-components-of-hipaa\/","url":"https:\/\/www.wellreceived.com\/blog\/three-main-components-of-hipaa\/","name":"What Are The 3 Main Components Of HIPAA Compliance? - WellReceived Blog","isPartOf":{"@id":"https:\/\/www.wellreceived.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.wellreceived.com\/blog\/three-main-components-of-hipaa\/#primaryimage"},"image":{"@id":"https:\/\/www.wellreceived.com\/blog\/three-main-components-of-hipaa\/#primaryimage"},"thumbnailUrl":"https:\/\/storage.googleapis.com\/wr_blog\/1\/2022\/01\/12-min.png","datePublished":"2022-01-07T07:30:02+00:00","dateModified":"2025-10-09T12:58:46+00:00","author":{"@id":"https:\/\/www.wellreceived.com\/blog\/#\/schema\/person\/9a9e18c82711f0e389a303838298e18d"},"description":"Discover the essential elements of HIPAA compliance, including Privacy, Security, and Breach Notification Rules, to ensure the protection of patient information.","breadcrumb":{"@id":"https:\/\/www.wellreceived.com\/blog\/three-main-components-of-hipaa\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.wellreceived.com\/blog\/three-main-components-of-hipaa\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.wellreceived.com\/blog\/three-main-components-of-hipaa\/#primaryimage","url":"https:\/\/storage.googleapis.com\/wr_blog\/1\/2022\/01\/12-min.png","contentUrl":"https:\/\/storage.googleapis.com\/wr_blog\/1\/2022\/01\/12-min.png","width":1024,"height":580,"caption":"Securing telehealth data"},{"@type":"BreadcrumbList","@id":"https:\/\/www.wellreceived.com\/blog\/three-main-components-of-hipaa\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.wellreceived.com\/blog\/"},{"@type":"ListItem","position":2,"name":"How it works","item":"https:\/\/www.wellreceived.com\/blog\/category\/how-it-works\/"},{"@type":"ListItem","position":3,"name":"What are the HIPAA rules?"}]},{"@type":"WebSite","@id":"https:\/\/www.wellreceived.com\/blog\/#website","url":"https:\/\/www.wellreceived.com\/blog\/","name":"WellReceived Blog","description":"WellReceived Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.wellreceived.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.wellreceived.com\/blog\/#\/schema\/person\/9a9e18c82711f0e389a303838298e18d","name":"Terri Phillips","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.wellreceived.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/cdff767c73137176cc289865683e192d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cdff767c73137176cc289865683e192d?s=96&d=mm&r=g","caption":"Terri Phillips"},"url":"https:\/\/www.wellreceived.com\/blog\/author\/terri\/"}]}},"_links":{"self":[{"href":"https:\/\/www.wellreceived.com\/blog\/wp-json\/wp\/v2\/posts\/505"}],"collection":[{"href":"https:\/\/www.wellreceived.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wellreceived.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wellreceived.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wellreceived.com\/blog\/wp-json\/wp\/v2\/comments?post=505"}],"version-history":[{"count":7,"href":"https:\/\/www.wellreceived.com\/blog\/wp-json\/wp\/v2\/posts\/505\/revisions"}],"predecessor-version":[{"id":1738,"href":"https:\/\/www.wellreceived.com\/blog\/wp-json\/wp\/v2\/posts\/505\/revisions\/1738"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.wellreceived.com\/blog\/wp-json\/wp\/v2\/media\/647"}],"wp:attachment":[{"href":"https:\/\/www.wellreceived.com\/blog\/wp-json\/wp\/v2\/media?parent=505"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wellreceived.com\/blog\/wp-json\/wp\/v2\/categories?post=505"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wellreceived.com\/blog\/wp-json\/wp\/v2\/tags?post=505"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}