We are HIPAA compliant AND HIPAA regulated.
Many people confuse "HIPAA compliant" with "HIPAA enforced" or "HIPAA regulated" and often think these are the same thing. Other websites advertise that they are "HIPAA compliant," which gives consumers the impression that their data is secure and that the company would face consequences for not upholding that security and privacy.
In reality, "HIPAA compliance" refers to maintaining the standards for information confidentiality, privacy, security and security awareness established in the Health Insurance Portability and Accountability Act of 1996. HIPAA regulations set forth standards including things like data encryption as well as administrative policies and procedures around the retention, storage, transmission and destruction of Protected Health Information (PHI). Being HIPAA compliant alone means that, to the best of its knowledge, the company operates in a way that is in compliance with HIPAA standards, but there is nothing enforcing or regulating its ability to uphold these standards. In other words, there are no consequences for not maintaining HIPAA regulations.