[pragone]

Well, there's always the option to go read it yourself: http://www.gpo.gov/fdsys/pkg/CRPT-104hrpt736/pdf/CRPT-104hrp...

HIPAA is a very large, encompassing bill that provides numerous protections for patients. In particular, it provides the necessary legal requirements preventing healthcare providers from disclosing personally identifiable information - typically, things like SSN, name + date of birth, name + zipcode, etc. Anything that could possibly be used by someone to identify who the patient is should not be discloses. HIPAA also lists some technology requirements, but if memory serves me correctly, it only goes so far as to say "industry-standard practices". There's also numerous parts of HIPAA that pertain to billing and insurance, but I don't do billing so I can't speak too much on those.

Another bill to check out would be HITECH.

[kamikazi]

Well yes I can go read the act but at this early stage don't have that much time to spend on legalese without first understanding the contours. I'm looking for simpler explanations, case studies, blogposts of individuals/ or companies; some of which your rest of the comment provides. So thanks for that.

Would you mind sharing your email (mine is in my profile) in case I wanna bounce off a few Qns? I promise to keep it short. TIA.

[jplewicke]

I found this book helpful: The HIPAA Roadmap for Business Associates ( http://www.amazon.com/gp/product/1484067010/ref=oh_aui_searc... ). It goes through some of the basics of HIPAA, what kinds of policies you need to have and why, and includes some example policy templates similar to the ones being graciously provided in this article.

[markolschesky]

Wrote an answer on this on Quora last week ->

http://www.quora.com/Where-is-the-dividing-line-in-building-...

I just sent you an email too. Hopefully I can help out a bit.