The Final Word
Like many government regulations, HIPAA is a convoluted mess of rules designed to accomplish many things. But at the core, the goals of HIPAA really fall into two easily defined categories:
Streamlining the medical billing and payment processes
Ensuring patients' right to privacy and to control access to their personal medical information
All of HIPAA's rules stem from one of those two goals. Keeping that fact in mind, making your organization compliant with HIPAA is just a matter of working your way through the rules step by step and taking any necessary actions to bring your organization into compliance. By implementing best practices for IT security, you're already a good portion of the way there. The rest comes from a partnership between your organization and its clients. The IT solution provider is not and cannot be solely responsible for HIPAA compliance and keeping protected health information safe and private. Working with your customers to ensure compliance is a benefit to everyone, from the patient to the provider.