She highlights how encryption is just one part of the compliance requirements under the new regulations, and touches on ongoing developments such as potential changes coming in 2014: "Intapp Risk Bulletin: HIPAA Compliance for Law Firms — Addressing New Requirements" --
- "The challenge firms face, of course, is to translate the Byzantine HIPAA requirements into an affordable, actionable and clear course of action. The first thing firms should understand is that, as Business Associates subject to HIPAA through their use of client data, firms are subject to the entire Security Rule but only portions of the Privacy Rule (the most important part of which is the “Minimum Necessary Standard,” which requires that firms limit access to PHI to those workforce members who need access to carry out their work)."
- "The Security Rule does contain 40 distinct “implementation specifications,” but some of these specifications are required and others are merely addressable. As a result, law firms looking to make some headway to avoid a penalty of “willful neglect” in the face of an OCR audit can start by addressing those core, required aspects of the Security Rule that matter most."