Find trusted compliance software, BAA-ready cloud hosting, secure messaging, risk-assessment tools, and official federal resources, all in one place built for healthcare organizations and their business associates.
The Health Insurance Portability and Accountability Act of 1996, together with the HITECH Act and the regulations codified at 45 CFR Parts 160 and 164, sets the rules for how protected health information must be safeguarded in the United States. For a covered entity such as a clinic, hospital, or health plan, and for the growing universe of business associates that build software and provide services to them, staying compliant means assembling the right mix of tools, contracts, training, and documentation. The market for those tools is crowded and noisy, and the word "HIPAA" appears on far more marketing pages than the underlying products can actually support. HIPAA Directory exists to cut through that noise.
We are a vendor-neutral catalog. Every entry on this site links directly to the product page or the primary government source so you can verify the claim yourself rather than taking a salesperson's word for it. We prioritize vendors that publicly offer a Business Associate Agreement (the contract HIPAA requires whenever a third party creates, receives, maintains, or transmits protected health information on a covered entity's behalf), and we group official material from the Department of Health and Human Services, its Office for Civil Rights, and the National Institute of Standards and Technology into a dedicated category so the authoritative text is never more than a click away.
The directory is divided into nine practical categories that mirror how compliance programs are actually built. Compliance Software covers all-in-one platforms for managing policies, risk, and audits. HIPAA-Compliant Email & Messaging and Secure Forms & eSign address the everyday channels through which PHI moves. Hosting & Cloud (BAA) lists the major infrastructure providers that will sign an agreement and document their HIPAA-eligible services. Risk Assessment points to the tools and federal methodology behind the Security Rule's required risk analysis, while Training gathers workforce-education options, including free official modules. Breach & Incident and Telehealth Compliance cover response obligations and virtual-care platforms, and Official Resources (HHS/OCR) anchors everything to primary law.
Inclusion here is a starting point for research, not a seal of approval. There is no government-issued "HIPAA certification," and no directory can promise that a given product, configured a given way, will keep your organization compliant. A listing simply means the vendor publicly represents that it supports HIPAA compliance, most often by offering a signed BAA. Compliance is ultimately a function of how you configure, contract for, and operate a tool, combined with administrative safeguards, documented risk analysis, and trained staff. Use this directory to shortlist candidates quickly, then evaluate each one against your own risk assessment and, where appropriate, the advice of qualified legal and compliance professionals.
Nine categories spanning software, secure communications, infrastructure, training, and official federal guidance.
Well-known tools and official resources that publicly support HIPAA workflows. Always confirm a BAA before sharing PHI.
All currently catalogued tools, services, and resources. Use search above to filter.
Submit your compliance software, BAA-ready service, or official resource. Basic listings are free, and every submission is reviewed for relevance and a publicly available BAA or source.
Submit a Listing - Free