HIPAA requires that healthcare organizations of all kinds, as well as business associates of HIPAA-covered entities, implement safeguards to protect patients' PHI. And they must be able to demonstrate those safeguards through annual HIPAA audits and assessments..