HIPAA basics
HIPAA Basics for Small Clinics
A hub for the HIPAA definitions, obligations, and operating concepts small clinics need before evaluating vendors or workflows.
Learning center
Use the hubs below to move from definitions and regulatory basics into the workflows that usually create the most risk: vendor management, incident response, annual risk analysis, and workforce training.
HIPAA basics
A hub for the HIPAA definitions, obligations, and operating concepts small clinics need before evaluating vendors or workflows.
Incident response
A hub for the breach-assessment, documentation, and notification workflows that matter when a clinic suspects a privacy or security incident.
Risk analysis
A hub for the annual risk analysis workflow small clinics need to document, refresh, and turn into remediation work.
Vendor management
A hub for the vendor review, BAA, and pricing questions that matter when small clinics let third parties touch PHI.
Workforce training
A hub for HIPAA training, onboarding, access reviews, and offboarding workflows in small clinics.
Pages in this library are updated with visible source lists, contributor attribution, and refresh dates.
Risk analysis vs risk management under HIPAA. Learn the difference and why small clinics need both.
Risk analysis Common Small-Clinic Risk Analysis MistakesCommon HIPAA risk analysis mistakes in small clinics, including generic templates, stale inventories, and missing remediation.
Risk analysis How to Do a HIPAA Risk Analysis for a Small ClinicHow to do a HIPAA risk analysis for a small clinic. Step-by-step guidance on scope, systems, threats, remediation, and documentation.
Incident response The Four-Factor Breach Risk AssessmentThe four-factor breach risk assessment explained for small clinics, with practical documentation guidance.
Incident response HIPAA Breach Notification TimelinesHIPAA breach notification timelines for small clinics, including individual, HHS, media, and business associate notice.
Incident response What Counts as a HIPAA BreachWhat counts as a HIPAA breach? Learn how small clinics distinguish incidents from reportable breaches.
HIPAA basics 7 HIPAA Compliance Requirements Small Clinics Must Address7 HIPAA compliance requirements for small clinics: risk analysis, BAAs, audit controls, training, incident response, and more.
HIPAA basics Covered Entity vs. Business AssociateCovered entity vs business associate explained for small clinics. Learn when vendors need BAAs and why the distinction matters.