IT departments at health care providers around the country are scrambling to stay ahead of hackers and others who might be trying to get at the HIPAA-covered patient information on your network.  Your office - big or small - is probably no different.

But hackers may be the least of your HIPAA-compliance worries.  According to Jill Dennis, a senior VP at the American Health Information Management Association,

The internal [hospital] mistakes and the internal carelessness seem to be more prevalent than the stranger from the outside trying to crack into your system.

Computer mistakes are easy to make, particularly for typically overworked and understaffed admitting or nursing areas, and it's unlikely that another written policy will offer much of a realistic solution.  That said, that's also unlikely to be the biggest hole in your HIPAA-compliance strategy. 

The biggest hole in your HIPAA-compliance strategy is most likely to be conversations among employees in which they're discussing personal health information.  No, I'm not suggesting you keep your office workers from talking, and instead make them pass notes (in invisible ink, of course).  But in just about every admitting area or nursing station - particularly in facilities over 10 years old - sound travels.  Conversations are easy to overhear.  And your organization is not covered - even if the conversation is legitimate - if someone overhears personal information and does something nefarious with it.   

Have you plugged the acoustic security holes in your network?