Situation Guides
Real-world HIPAA scenarios with step-by-step response instructions. Find your situation and follow the guide.
Did I Just Witness an Incident?
I saw something that might be a breach — what do I do?
Read GuideEmployee Lost a Device with ePHI Access
An employee lost a laptop or phone that had access to patient data.
Read GuideForgot to Revoke a Terminated Employee's Access
We forgot to revoke a terminated employee's system access.
Read GuideSomeone Clicked a Suspicious Link
An employee clicked a phishing email — what happens now?
Read GuideRansomware Attack Response
Our systems are locked — step-by-step ransomware response.
Read GuideEmployee Posted Patient Info on Social Media
A workforce member shared patient information on social media.
Read GuideVendor Requesting Patient Data
A vendor is asking for patient data — can I share it?
Read GuidePatient Requesting Their Medical Records
A patient wants copies of their medical records.
Read GuideWe Received an OCR Audit Notification
HHS Office for Civil Rights just notified us of an audit.
Read GuideA Patient Filed a HIPAA Complaint Against Us
A patient has filed a formal HIPAA complaint with HHS OCR.
Read GuideOur Vendor's Subcontractor Has PHI Access
A vendor's subcontractor now has access to patient data.
Read GuideBringing On a New IT Vendor
We're onboarding a new vendor — what HIPAA steps are required?
Read GuideHow Much PHI Can I Share?
Understanding the minimum necessary standard for PHI disclosures.
Read GuideAnnual HIPAA Compliance Review
It's been a year — here's what needs to be renewed and redone.
Read GuideDon't see your situation?
Our compliance team can help you navigate any HIPAA scenario, common or uncommon.
Contact Support