How-To Guides

Zapier offers HIPAA compliance with a BAA on Teams ($69/month) and above. But a Zapier BAA alone is not enough — every app in the Zap must also be HIPAA compliant.

A HIPAA violation occurs when a covered entity or business associate fails to comply with the Privacy Rule, Security Rule, or Breach Notification Rule. Here's what that means in practice for small medical clinics.

A step-by-step HIPAA compliance checklist for small medical practices. Covers risk assessments, policies, training, tools, and documentation — the practical version.

Asana is HIPAA compliant only on Enterprise+ ($45/user/mo). Here's what changes in HIPAA mode, what features you lose, and what alternatives exist for small clinics.

Small medical practices face the same HIPAA requirements as hospital systems — without compliance departments. Here's what actually matters for a 3-20 person clinic.

HIPAA doesn't mandate encryption — but alternatives must be documented. For practical purposes, encryption is the standard you must meet for ePHI at rest and in transit.

HIPAA's technical safeguards require access controls, audit controls, integrity protections, and transmission security for ePHI. Here's what each one means for a small clinic.

A practical guide to becoming HIPAA compliant for small medical practices. Covers the required steps: risk assessment, policies, training, tools, and documentation.

A HIPAA risk assessment is the most commonly cited deficiency in OCR audits. Here's how to complete one for a small practice in under a week.

ClickUp is HIPAA compliant on Business Plus and Enterprise tiers — lower plans (Free, Unlimited, Business) offer no BAA and cannot be used with PHI.

Google Workspace is HIPAA compliant on Business Starter ($6/user/mo) and above — Google will sign a BAA covering Gmail, Drive, and Meet. But configuration is required, and not every Google service is covered.

Microsoft Teams can be HIPAA compliant, but only with the right Microsoft 365 plan, a signed BAA, and careful configuration. Here's what small practices need to know before using it for anything involving PHI.