We are HIPAA compliant AND HIPAA regulated.
Many people confuse "HIPAA compliance" with "HIPAA enforcement" or regulation, often assuming they are the same thing. Other websites advertise themselves as "HIPAA compliant," leading consumers to believe that their data is secure and that the company would face consequences for not maintaining such security and privacy.
In reality, "HIPAA compliance" refers to upholding the standards for information confidentiality, privacy, security, and security awareness established by the Health Insurance Portability and Accountability Act of 1996. HIPAA regulations outline standards such as data encryption, as well as administrative policies and procedures related to the retention, storage, transmission, and destruction of Protected Health Information (PHI). Being HIPAA compliant means that, to the best of the company's knowledge, it operates in accordance with HIPAA standards. However, this does not guarantee enforcement or regulation of its ability to maintain these standards. In other words, there may be no consequences for failing to adhere to HIPAA regulations.