HIPAA Reference

About This Page

Pain Point IT Solutions has set out to raise awareness of the information technology challenges and requirements that come with the HIPAA and HITECH compliance laws, which have been evolving since 1996. This page provides useful links and information so that you can research and learn more about your organization's responsibilities and requirements for its information technology infrastructure under the written law. Pain Point IT Solutions does not provide legal advice, but we can provide an IT assessment of your physical and logical data network and computer infrastructure so you can make informed decisions about the upgrades, procedures, and processes needed to become more compliant with the law.

A Brief Time-Line of HIPAA


HIPAA (Health Insurance Portability and Accountability Act) was created. It was written as a foundation for the protection of consumers' private health information and was purposely vague to allow the law to develop.


The Privacy Rule was added. It defined PHI (Protected Health Information) and set out the civil and criminal penalties for non-compliance.


The Security Rule was added. It defined the framework for ePHI (electronic Protected Health Information), which was very confusing to covered entities (CEs), many of whom did not have dedicated IT staff.


The HITECH Act (2009) and the HIPAA Omnibus Final Rule (2013) were added. The Affordable Care Act (ACA) put funding and 'teeth' into HIPAA, which, due to confusion, had mostly been ignored. With HITECH and the HIPAA Omnibus Final Rule, funding was provided to increase HIPAA enforcement and to create incentive programs for CEs to switch to government-standardized Electronic Health Records (EHR) systems. Further, these laws now defined Business Associates (BAs): anyone providing a service to a CE who may or may not come into contact with PHI or ePHI records must also be able to prove HIPAA compliance for the systems and processes they run to service the CE.


The Audit Program Protocol was developed. The Office for Civil Rights (OCR), in conjunction with the United States Department of Health and Human Services (USHHS), worked to develop an audit protocol that they will use to verify compliance. In April 2013, the protocol was released to the public. As of October 2014, the audit program contains 169 items to audit (40 are categorized as required, 27 as addressable, and 102 are listed as n/a because it is not yet known how CEs and BAs are doing with these).


A pilot program was run to conduct and test the audit protocol. 66 percent of the CEs failed to perform a comprehensive, accurate security risk assessment; the most commonly stated reason was that they were unaware of the requirements. Smaller healthcare providers, mainly those without dedicated staff dealing with HIPAA and without IT staff working to fix issues, made up the majority of those that failed during the pilot program.


The real audits started. Most CEs that were targeted were caught unexpectedly, and violations were found. Most have settled. Smaller CEs are next, and then it's on to Business Associates. Are you ready?

Need an IT assessment completed for your organization? Click below to take action now.

Are you ready for the OCR and HHS Audit when you get their letter?

Click on Take Action now and we can show you the reports we will generate for you to use as proof that you are taking the steps necessary to move closer to compliance.

Have you at least completed an IT Assessment to see where you stand?

We can provide you with an IT Assessment. Click Take Action now and we will e-mail you a sample list of reports we can provide to your organization.

HIPAA Compliance is Not Just for Doctors’ Offices

Click the below picture to view an article written by our Founder and President Rich Silva

Subscribe to our Newsletter

Sign up for the Pain Point IT Solutions Newsletter and join our 50 subscribers.
  • Tech Corner
  • Our Client Success Stories
  • Useful Links

Learn More – Click Take Action Button Below

Fill in our call-back request page and we will call you back with more information.

Informative HIPAA Links

Here are some links we think will be useful for your research on HIPAA. Underneath each is a QR code that you can scan with your mobile device to look at later.

OCR Case Examples

Here are some case examples and resolution agreements for violations.


On-Line HIPAA Survival Guide

A great website with more information on HIPAA.