HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting
sensitive patient data. Any company that deals with protected health information (PHI) must
ensure that all the required physical, network, and process security measures are in place and
This includes covered entities (CE), anyone who provides treatment, payment and operations in
healthcare, and business associates (BA), anyone with access to patient information and
provides support in treatment, payment or operations. Subcontractors, or business associates
of business associates, must also be in compliance.