It is important that Covered Entities and Business Associates understand the HIPAA password requirements and the best way to comply with them because if a data breach is found to be attributable to a lack of compliance, the penalties could be significant..