HIPAA isn't a product you buy — it's safeguards you have to implement and prove. AiVigil builds those safeguards into your everyday IT, so your clinic stays audit-ready without the once-a-year panic.
The HIPAA Security Rule asks for reasonable and appropriate safeguards over electronic protected health information (ePHI) in three categories, administrative, physical and technical, plus the organizational and contingency requirements that sit alongside them.
A current security risk analysis, written policies, workforce training, and a designated security official. This is the paperwork auditors ask for first — and the part most practices let lapse.
Access controls and unique logins, encryption of ePHI at rest and in transit, audit logging, and automatic logoff. In practice: MFA everywhere, encrypted devices, and monitored access. Note that encryption and automatic logoff are "addressable" rather than "required" specifications, which means you implement them or document a reasonable alternative; skipping them with no documentation is a finding.
Controlling physical access to systems that hold ePHI, device and media disposal, and workstation security — including remote and home-office setups.
A signed BAA with every vendor that touches PHI on your behalf — including your IT provider. Missing BAAs are a common and avoidable finding.
Tested backups, a documented incident-response plan, and breach-notification procedures so an incident doesn't spiral into penalties.
Most HIPAA findings aren't exotic — they're the basics drifting out of date while you focus on patients.
The security risk analysis, the document the Security Rule explicitly requires and auditors ask for first: missing, generic, or years out of date.
Laptops and phones holding ePHI that aren't encrypted, so a single lost or stolen device is a presumed reportable breach; encryption that meets HHS guidance is the safe harbor that keeps it from becoming one.
Vendors touching PHI with no signed agreement on file.
Front-desk and clinical staff sharing accounts, so audit logs can't tie an access to a person.
Backups that have never been test-restored, a gap usually discovered during a ransomware incident, when they turn out to be incomplete, corrupt, or encrypted along with everything else.
Staff trained informally, with no documentation to show an auditor.
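The backup finding above is the one that is cheapest to check and most often skipped. As an added illustration, not code from the AiVigil page or its service, the script below shows what a minimal restore test looks like: a SHA-256 manifest is recorded at backup time and kept outside the backup, the archive is restored into a scratch directory, and every expected file is compared against the manifest. The sample files, paths and the `demo()` helper are constructed for this example; the second run simulates a backup set that silently went bad (one file altered, one dropped) to show the test catching it.

```python
"""Restore test: rebuild a backup in a scratch directory and verify it against a
SHA-256 manifest taken at backup time. Added example; sample data is constructed."""
import hashlib
import io
import tarfile
import tempfile
from pathlib import Path

# Constructed sample backup set: paths relative to the backup root and their contents.
SAMPLE_FILES = {
    "ehr/export.csv": b"patient_id,visit_date\n1001,2024-01-09\n1002,2024-01-10\n",
    "ehr/config.ini": b"[db]\nhost=localhost\n",
    "docs/policies.txt": b"Access control policy v3\n",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_backup(files):
    """Write files into an in-memory gzip tar and return (archive_bytes, manifest).
    The manifest {path: sha256} is what you store separately from the backup,
    so a later restore can be checked against something the backup job did not write."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    manifest = {name: sha256_hex(data) for name, data in files.items()}
    return buf.getvalue(), manifest


def _safe_relative(name: str) -> bool:
    """Reject archive entries that could escape the restore directory (tar path traversal)."""
    p = Path(name)
    return bool(name) and name != "." and not p.is_absolute() and ".." not in p.parts


def restore_and_verify(archive: bytes, manifest):
    """Restore the archive into a temporary directory and check every manifest entry.
    Returns a report dict; 'ok' is True only when every expected file came back intact."""
    missing, mismatched = [], []
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
            for member in tar.getmembers():
                # Only regular files with safe names are written; symlinks, devices and
                # traversal names are skipped rather than trusted.
                if not member.isfile() or not _safe_relative(member.name):
                    continue
                target = root / member.name
                target.parent.mkdir(parents=True, exist_ok=True)
                with tar.extractfile(member) as src, open(target, "wb") as dst:
                    dst.write(src.read())
        restored = {str(p.relative_to(root)).replace("\\", "/")
                    for p in root.rglob("*") if p.is_file()}
        for name, expected in manifest.items():
            path = root / name
            if not path.exists():
                missing.append(name)            # backup dropped a file
            elif sha256_hex(path.read_bytes()) != expected:
                mismatched.append(name)         # restored content differs from what was backed up
        extra = sorted(restored - set(manifest))  # files the manifest never saw
    return {"ok": not missing and not mismatched, "missing": sorted(missing),
            "mismatched": sorted(mismatched), "extra": extra}


def demo():
    """Run the test once against a good backup and once against a damaged one."""
    archive, manifest = make_backup(SAMPLE_FILES)
    good = restore_and_verify(archive, manifest)
    # Simulated bad backup: the export was overwritten and the policy file never made it in,
    # while the manifest from the original run is still what we verify against.
    damaged = dict(SAMPLE_FILES)
    damaged["ehr/export.csv"] = b"\x00" * 32
    del damaged["docs/policies.txt"]
    bad_archive, _ = make_backup(damaged)
    bad = restore_and_verify(bad_archive, manifest)
    return good, bad


if __name__ == "__main__":
    good_report, bad_report = demo()
    print("good backup:", good_report)
    print("damaged backup:", bad_report)
```

The point of the exercise is the separate manifest and the actual restore: a backup job that reports "success" only proves it wrote something, and the manifest is the only evidence you have of what it should have written. A real schedule would run this against a randomly chosen backup from the last cycle, on a host that is not the backup server, and keep the report as audit evidence.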
A real HIPAA Security Rule risk analysis, reviewed annually and whenever your environment changes — not a one-time template.
Encrypted endpoints, MFA, unique logins and monitored access across every device that touches ePHI.
Written policies maintained for you, plus a signed BAA with us and help keeping vendor BAAs current.
Monitoring and tested, ransomware-resilient backups so your records system stays available and recoverable.
Email filtering, phishing simulation and staff training on phishing, the most common way PHI breaches start.
We sit with you through audits with the risk analysis, policies and evidence already organized.
A plain-English self-assessment of the administrative, technical and physical safeguards HIPAA expects — so you can spot your gaps before an auditor does.
Our healthcare bundle puts HIPAA safeguards into your day-to-day IT and keeps the evidence ready — so compliance is continuous, not a scramble.
The basics
No. There is no official "HIPAA-certified" product or vendor. HIPAA requires you to implement reasonable administrative, physical and technical safeguards and to document them. We put those safeguards in place and keep the evidence audit-ready.
Agreements & assessments
Yes. As your IT and security provider that handles PHI on your behalf, we sign a BAA, and we help you keep BAAs current with your other vendors.
The HIPAA Security Rule requires an accurate and thorough risk analysis that is kept current; HHS guidance and auditors expect it to be reviewed at least annually and whenever your environment changes. We keep yours current as part of your managed service.
Systems
We secure and monitor the infrastructure, endpoints, network and backups your EHR runs on, and coordinate with your EHR vendor on uptime and security. The EHR vendor remains responsible for the security of the application itself and must be covered by its own BAA with you.
Book a free IT & security risk assessment for your practice — or grab the HIPAA IT checklist to start today.
Download the checklist