What is the Health Insurance Portability and Accountability Act (HIPAA)?


The Health Insurance Portability and Accountability Act (HIPAA) privacy, security, and breach notification rules define the national standard for securing and processing protected health information (PHI) in the United States. Under HIPAA, organizations must protect the privacy and security of health information and provide individuals with certain rights to their health information. An effective HIPAA compliance program is key to meeting the requirements of the law.

How OneTrust Helps


As the global leader in Privacy Management Software, OneTrust has developed industry-leading Assessment Automation, Data Mapping Automation, and Risk Analysis technologies. These tools and privacy expertise, combined with the most extensive and up-to-date privacy, security, and third-party risk research from OneTrust DataGuidance™, offer a modern approach to risk detection and mitigation.
A HIPAA compliance program utilizing OneTrust’s suite of comprehensive privacy management tools can help with the establishment, maintenance, and continual improvement of your HIPAA compliance program – enabling your organization to provide appropriate protection of electronic protected health information.

Assess HIPAA Risk

Manage and assess HIPAA risks, identify and calculate threats to individual assets, and track risk treatment plans.

Bolster Privacy Program

Leverage DataGuidance for HIPAA regulatory research, train your employees on privacy practices, and measure your privacy program maturity.

Manage Third-Party HIPAA Risk

Create workflows to automate HIPAA third-party risk assessments on your business associates to ensure that you safeguard protected health information (PHI) and meet HIPAA’s security and privacy rules.

OneTrust DataGuidance™ 


OneTrust DataGuidance has organized, summarized, and made searchable hundreds of global privacy and security laws and frameworks. Search news on HIPAA guidance, regulations, decisions, and case law.

  • Leverage High-Impact Research Portals to help you interpret HIPAA implementation requirements
  • Access a multitude of templates and checklists to assist with the implementation of your compliance program
  • Deep dive into research on program requirements with access to source materials and Guidance Notes written by industry experts

Risk Analysis  


The HIPAA Security Rule requires that covered entities and business associates conduct a risk analysis of their organization.

  • Leverage risk assessments designed by the Office of the National Coordinator for Health Information Technology (ONC), in collaboration with the HHS Office for Civil Rights (OCR), and the HHS Office of the General Counsel (OGC).
  • Begin tracking, mitigating, and monitoring HIPAA risks all within the OneTrust platform

Program Benchmarking and Maturity & Planning


How does your organization’s privacy program compare to your peers? Compare your HIPAA program with others in the healthcare sector, assess your program’s maturity, and plan for compliance with OneTrust’s Program Benchmarking and Maturity & Planning solutions.

Compare your organization’s privacy program with others based on industry, region, revenue, and program scope, and compare to others in the healthcare sector.

Assess your program’s maturity and determine gaps in your HIPAA compliance preparedness with OneTrust Maturity & Planning   

OneTrust Data Mapping Automation


Use the OneTrust data mapping solution to identify assets and processing activities that involve PHI with attributes and related data elements.

Automatically associate your HIPAA risk analysis with assets and processing activities as well as risks specific to processing of PHI  

Understand the flow of PHI from collection to deletion, and associate Business Associate Agreements and HIPAA controls.

OneTrust Vendor Risk Management  


Covered Entities that create, receive, maintain, or transmit protected health information must manage vendors they use that interact with PHI.

Access templates designed to review Business Associate-specific requirements and follow HHS best practices by leveraging built-in NIST CSF and NIST 800-53 controls.

Leverage automation to perform assessments and maintain records for compliance 

Prevent, detect, contain, and correct security violations relating to vendors, consultants, and other entities that may handle e-PHI

OneTrust Incident & Breach Response  


Powered by OneTrust DataGuidance™, an innovative solution that integrates breach notification laws directly into the OneTrust platform.

Centrally manage incidents, automate tasks, and maintain records for compliance and notification with HIPAA 

Build HIPAA context-aware automated workflows that help your organization rapidly respond to incidents and enhance breach notification decision-making in the event that healthcare data is lost or breached.

Awareness Training  


Leverage OneTrust Awareness Training, developed by the IAPP and now powered by OneTrust, with an ever-expanding library of content-rich subject matter specifically designed to train your staff in privacy awareness essentials and help you maintain compliance throughout your organization.

Create a bespoke training program for all areas of your business, track progress, and re-train regularly 

Leverage courses built for the healthcare industry to help define personal data and sensitive personal health data  

Train employees handling PHI with a focus on key privacy laws that affect the processing of health data.

Get Started with OneTrust Today

See how OneTrust can help with your HIPAA Program today
