Healthcare Security

Healthcare security for healthcare organizations and business associates

Companies operating in healthcare have a responsibility to safeguard the protected health information (PHI) and personally identifiable information (PII) of their key stakeholders. Whether your firm interacts directly with patients or provides services that facilitate patient care, healthcare security should be a top priority.

If your business has access to PHI, PII and payment data, security is not optional. It’s a legal obligation.


HIPAA regulates healthcare providers, healthcare clearinghouses, and health insurance plans that access medical records as a result of caring for a patient and processing their claims. HIPAA also covers business associates: firms that require access to these healthcare organizations’ PHI in the course of doing business with them. [Learn more about HIPAA and your business’ security requirements under the law.]

State PII Laws

Even if your business has access to sensitive patient information, your firm may not be subject to HIPAA. However, this does not mean your business is legally exempt from establishing security.

Forty-seven states, Washington D.C., Puerto Rico, and the U.S. Virgin Islands have their own PII breach notification laws that must be followed in the event of an incident. Requirements vary from state to state, as does the type of data covered by each state’s PII legislation.

Several states currently have PII laws that require businesses and state government entities to proactively protect PII in addition to meeting breach notification requirements, while other states are in the process of developing similar data protection mandates.

Payment Data

If your firm accepts credit card payments or stores account numbers, your business is subject to additional state and federal laws for protecting this information. State PII laws and the Payment Card Industry Data Security Standard (PCI DSS) may both apply to your business. Make sure you understand your firm’s obligation to protect customer payment information.

Soteria has security services to fit your healthcare industry needs.

Are you a healthcare organization looking to improve your security?

Soteria performs IT security assessments to help healthcare organizations identify weaknesses in their security and recommend remediation. Learn more about our IT assessment services and how they can assist you in reaching your security goals, HIPAA compliance requirements, and state legal requirements.

Security Consulting

Does your firm need to become HIPAA compliant to unlock business opportunities in healthcare?

SecureStart is a program designed for small to mid-sized firms in the earliest stages of establishing security. Receive consulting hours, policies, and products to help put your firm on the road to compliance. Leverage Soteria’s expert consultants to build trust with potential clients and investors performing due diligence on your security practices.