Compliance & AI Governance

What is HIPAA?

The US law that governs how protected health information must be kept private and secure.

Talk to usFree to start - no card required.

HIPAA: definition

HIPAA governs "covered entities" (healthcare providers, health plans, clearinghouses) and their "business associates" (vendors that handle PHI on their behalf). Its Privacy Rule limits how PHI may be used and disclosed; its Security Rule requires administrative, physical, and technical safeguards for electronic PHI; and its Breach Notification Rule requires disclosure of breaches. Handling PHI without HIPAA controls carries serious penalties.

  • Protects PHI - identifiable health information
  • Privacy Rule: limits use and disclosure of PHI
  • Security Rule: administrative, physical, technical safeguards for ePHI
  • Business associates must sign BAAs and meet HIPAA requirements

How Fintra handles it

For businesses that handle PHI, Fintra’s compliance layer maps HIPAA safeguards to controls, collects the access, audit-log, and training evidence the Security Rule expects, and surfaces gaps. Access controls, audit trails, and least-privilege enforcement - already core to the platform - provide much of the technical safeguard evidence HIPAA requires.

Worked example

Frequently asked questions

Who must comply with HIPAA?

Covered entities - healthcare providers, health plans, and clearinghouses - and their business associates, which are vendors that create, receive, maintain, or transmit PHI on their behalf. Business associates must sign a BAA and meet HIPAA’s requirements directly.

What is PHI?

Protected Health Information is individually identifiable health information - anything that links a person to their health condition, care, or payment. Electronic PHI (ePHI) is the digital form the Security Rule specifically protects with technical safeguards.

What is a Business Associate Agreement?

A BAA is a contract between a covered entity and a vendor (business associate) that handles PHI, requiring the vendor to safeguard the data per HIPAA. Without a signed BAA, sharing PHI with the vendor is a HIPAA violation.

How does Fintra support HIPAA?

For businesses handling PHI, Fintra maps HIPAA safeguards to controls and supplies technical-safeguard evidence - access controls, tamper-evident audit trails, and least-privilege enforcement - while surfacing gaps against the Security Rule.

Stay in the loop

One practical finance briefing a week - new guides, checklists, and benchmarks.

 

See how Fintra handles the numbers behind this term

Fintra is the AI Finance Operating System for SMBs - accounting, planning, payroll, equity, and AI governance on one shared data model, with a named human approving anything consequential. Free to start, no card required.

Talk to us