The Health Insurance Portability Accountability Act (HIPAA) is one of the most sweeping sets of regulations on the books, and for good reason. Personal healthcare information is both highly sensitive and highly vulnerable. Keeping it safe and secure is both a legal and an ethical obligation for every organization in healthcare.
The challenge facing these organizations is that HIPAA compliance is notorious for requiring a lot of input without offering a lot of confidence. Protecting every patient record against every potential threat according to every applicable regulation is a major undertaking. And, considering that a single violation can carry a minimum penalty of $50,000, any amount of uncertainty around compliance is a serious liability.