Covered entities and business associates have very specific requirements under the HIPAA Privacy Rule, HIPAA Security Rule and Breach Notification Rule. Enforced by the Office for Civil Rights (OCR), HIPAA appears to be constantly changing, not because of new regulations, but because of guidance and newsletters from the OCR, Office of the Inspector General, Office of National Coordinator and CMS.
In addition, OCR adopts many of the publications from the National Institute of Standards and Technology (NIST). Without a clear understanding of how to apply the standards in your office, you will most likely be in violation of some aspect of HIPAA every day. These violations can be small matters, such as not posting your Notice of Privacy Practices (NPP) in your waiting room or not listing electronic exchanges on your Notice.