Blog
HIPAA Audit
HIPAA Guidelines Simplified in the 2021 HIPAA Guide

HIPAA Guidelines Simplified in the 2021 HIPAA Guide

Network security is more crucial than ever for healthcare providers.

Updated
December 9, 2022
Posted
December 10, 2020
HIPAA
HIPAA Guidelines Simplified in the 2021 HIPAA Guide

Network security is more crucial than ever for healthcare providers

The stresses that healthcare practices and networks have faced this year are unprecedented. The COVID crisis has forced hospitals and care centers into difficult situations and choices. Network security and HIPAA compliance are likely not at the top of the list of immediate concerns and cyber threat actors know this. They lie in wait for zero-day application vulnerabilities and continually scan for open ports on firewalls.

While most people are familiar with the Privacy Rule, the Security Rule can seem more difficult and overwhelming. However, the Security Rule is key in helping avoid worst-case scenarios like ransomware and malware which can cost millions of dollars and impact patient care.

HIPAA’s Security Rule states that covered entities (CA) and business associates (BA) must maintain the confidentiality, integrity, and availability of all protected health information (PHI) and electronic-PHI (e-PHI) they create, receive, maintain, or transmit. This need is not only dictated by HIPAA laws, but it is necessary to the everyday operations and care that health practices and networks provide.

This leaves healthcare in a tricky spot. They are targeted by hackers not only because their data is valuable on the dark web, but because it is critical to the practice–meaning the practice is likely to pay ransoms for locked or encrypted data. As they are being targeted, they are also burdened by the added weight of a global health crisis.

HIPAA laws and cybersecurity are not simple. The threats to healthcare are real. Our mission at SecurityMetrics is to help organizations close security gaps and prevent data breached. In line with this mission, we created our Guide to HIPAA Compliance, which was compiled alongside security analysts’ real-world examples to give entities a framework to better understand HIPAA and the critical areas where organizations need help.

Principal Security Analyst Jen Stone (MCIS, CCSFP, CISSP, CISA, QSA) says, “Many healthcare organizations understand the importance of HIPAA. They want to ensure the privacy and security of patient data, but they struggle because the law says what to do, not really how to do it. Our HIPAA Guide helps bridge that gap to give healthcare providers and business associates a way to implement policies, procedures, and security controls in a meaningful, HIPAA-compliant way.”

What’s new in the 2021 SecurityMetrics Guide to HIPAA Compliance?

HIPAA laws don’t change much from year to year, but auditor insights and perspectives have been updated in the 2021 Guide to reflect what they are seeing at healthcare practices. You will also find guidance on:

  • Cloud security in a HIPAA environment
  • 2021 HIPAA practice survey data
  • 2021 HIPAA information from the Office of Civil Rights (OCR)

As well as:

  • New graphs and diagrams
  • Improved design focused on usability
  • Improved "How to Read This Guide" section

Organizations use the 2021 HIPAA Guide to simplify HIPAA guidelines

Health entities use the SecurityMetrics Guide to HIPAA Compliance as a HIPAA training tool, a deskside reference, and an IT team guide.

Here is what our HIPAA Guide users say:

"Thank you for providing the guideline for our business. It is less stressful knowing that I have the correct guide to improve our services to our patients and to protect our business."

Nancy Wiseman, M.Ed., Ed.S., Vice President
Citrus Endodontics, P.A.

"This is the most comprehensive guide on HIPAA I have found."

Crystal Hertz
National Health Foundation

"The HIPAA Guide is one of the best helps/tools/references. It's well organized and easy to understand for our medical office staff and providers."

Hedy Haun, Sr. Process Analyst
Sharp HealthCare

"I loved SecurityMetrics. They have the best resources when it comes to PCI and HIPAA compliance and their customer service is unmatched."

Jennifer M. Connell, Owner
E2E Health Solutions, LLC

"SecurityMetrics Guide to HIPAA Compliance is really helpful, very informational and updated."

Jeffrey Delos Reyes
Flow Health Outsourcing, Inc.

New healthcare organization HIPAA survey data

Every year, our HIPAA research team conducts surveys of HIPAA leaders at healthcare organizations to find out where organizations could use support and education.

Our responses come from over 750 different healthcare professionals responsible for HIPAA compliance. These survey respondents mostly belong to organizations with less than 500 employees, however, the resulting data is important to organizations of all sizes, because almost all healthcare organizations share patient data with one another.

Here is some of the most notable 2021 HIPAA survey data

HIPAA TRAINING

  • 39% of respondents train employees annually
  • 52% of respondents provide HIPAA Security Rule training; 50% provide HIPAA Breach Notification Rule training; 66% provide HIPAA Privacy Rule training.

PATIENT DATA SECURITY

  • 36% of respondents encrypt patient data.
  • 86% of respondents delete or destroy sensitive data.

COMPLIANCE BASICS

  • 76% of respondents also comply with PCI DSS compliance; 12% comply with GDPR compliance; 10% comply with HITRUST requirements.
  • 55% of respondents review their business associate agreement documentation at least annually.

RISK MANAGEMENT

  • 28% of respondents don’t have a formal risk management plan

EMAIL SECURITY

  • 8% send patient data through unencrypted email services.

FIREWALL BEST PRACTICES

  • 44% of organizations use software firewall(s); 35% use hardware firewall(s); 32% use web application firewall(s).

SYSTEM MONITORING

  • 34% never review their data prevention tool logs.

VULNERABILITY SCANNING

  • 19% of respondents conduct vulnerability scans.

PENETRATION TESTING

  • 15% of respondents perform penetration tests

INTERNAL ASSESSMENTS

  • 43% of respondents conduct internal audits at least annually

INCIDENT RESPONSE

  • 19% of respondents don’t have any response plan policies in place
Download the 2021 Guide to HIPAA Compliance here! For press questions, email pr@securitymetrics.
Join thousands of security professionals.
Subscribe Now
Get the Guide to HIPAA Compliance
Download
Get Quote for HIPAA Compliance
Request a Quote
Stay up to date
Subscribe to our blog.
Subscribe Now
Data Security
Vulnerability ScanningPenetration TestingSecurity TrainingPANscan®SecurityMetrics VisionSecurityMetrics MobileCIS Controls AssessmentConsultingResellerForensic/Incident ResponseData and Network SecurityData Security AcademyWebpage Integrity Monitoring (WIM)Shopping Cart InspectShopping Cart Monitor (PCI 6.4.3 & 11.6.1)SecurityMetrics Pulse
Compliance
GDPR CompliancePCI CompliancePCI DSS AuditPCI Level 4 ProgramPA-DSS/SSF AuditP2PE AuditPIN Security AssessmentPCI PoliciesPCI TrainingHIPAA ComplianceHIPAA PoliciesHIPAA TrainingHealth Network ProgramHITRUST
Company Info
About UsBlogGlossaryMedia RelationsCareersTerms of UsePrivacyAbuseDo Not Sell My Information
Contact
Contact UsReport a Vulnerability
SecurityMetrics podcast logoLinkedIn logoFacebook logo
© 2025 SecurityMetrics, Inc. All rights reserved.
Privacy PolicyTerms and Conditions
Your IP Address is:
YouTube logoSecurityMetrics podcast logoLinkedIn logoFacebook logo
Subscribe to our blog
Subscribe Now
© 2025 SecurityMetrics, Inc. All rights reserved.
Privacy Policy
|
Terms and Conditions
|
Your IP Address is:
000.000.000.000