Most small practices believe one of two wrong things about HIPAA. Either "we're too small for anyone to care," or "our EHR vendor handles it." Both get practices fined.
The Office for Civil Rights settles cases with small and solo practices every year, often after something mundane: a stolen laptop, a misdirected fax, an employee snooping on a neighbor's chart, a complaint from an unhappy patient. And your EHR being HIPAA-compliant covers exactly one system. It says nothing about your email, your file shares, your old server in the closet, or the billing service you never signed an agreement with.
Here is what actually matters, sized for a practice, not a hospital system.