How-To Guides
Practical guides for practice managers navigating HIPAA compliance and choosing the right task management software.
HIPAA BAA Template: What to Include and Common Mistakes to Avoid
Download a free HIPAA Business Associate Agreement template. Learn the 7 required elements, common BAA mistakes, and which tools include a signed BAA by default.
HIPAA Compliance Audit: What OCR Looks For and How to Prepare
Learn what a HIPAA compliance audit involves, what documents OCR requests, and how small practices can stay audit-ready without a full-time compliance officer.
What Is a HIPAA Covered Entity? Definition, Types, and Obligations
A HIPAA covered entity is a health plan, healthcare clearinghouse, or healthcare provider that transmits health information electronically. Learn which practices qualify and what compliance requires.
HIPAA Compliance Training: What Your Practice Is Required to Do
HIPAA requires covered entities to train all workforce members on privacy and security policies. Learn exactly what training must cover, who must complete it, and what documentation OCR expects.
HIPAA Security Rule: What It Requires and What It Means for Small Practices
The HIPAA Security Rule requires covered entities to protect electronic protected health information through administrative, physical, and technical safeguards. Learn what each category requires and what 'reasonable and appropriate' means for a small clinic.
10 HIPAA Violation Examples Small Practices Actually Encounter
Real HIPAA violation examples that small medical practices run into — from emailing PHI to the wrong patient to using task management tools without a BAA. What each one means and how to avoid it.
HIPAA Violation Fines and Penalties: What Small Practices Actually Pay
HHS OCR enforces HIPAA through four civil penalty tiers ranging from $100 to $1.9 million per year. Learn how fines are calculated, what triggers criminal charges, and what small practices are actually penalized for.
How to Report a HIPAA Violation: Two Processes, Explained
There are two types of HIPAA violation reports: filing a complaint with OCR about a violation you witnessed, and reporting a breach your practice experienced. This guide covers both, including deadlines, the OCR portal, and breach notification requirements.
Is Box HIPAA Compliant? Plans, BAAs, and What Clinics Actually Need
Box is HIPAA compliant on Business and Enterprise plans with a signed BAA. Free and Personal plans do not qualify. Here's what that means for medical practices storing PHI.
Is Calendly HIPAA Compliant? Only on Teams Plan and Above
Calendly is HIPAA compliant on Teams ($16/seat/month) and above with a signed BAA. Free, Standard, and Essentials plans offer no BAA. Here's what that means for patient scheduling.
Is ChatGPT HIPAA Compliant? What Clinics Need to Know Before Staff Use It
ChatGPT is HIPAA compliant only on Enterprise and via the OpenAI API. Free, Plus, and Team plans do not include a BAA — using them with patient information is a HIPAA violation.
Is Microsoft Copilot HIPAA Compliant?
Microsoft Copilot for Microsoft 365 can be HIPAA compliant within an enterprise tenant with a BAA. The free consumer Copilot at copilot.microsoft.com is not. Here is the distinction small clinics need.
Who are these HIPAA implementation guides written for?
Do these guides cover both technical and operational aspects of HIPAA compliance?
Can I use these guides to prepare for a HIPAA audit?
Want help with HIPAA compliance?
Try PHIGuard free for 14 days. No credit card required.