I was reading an article on HIPAA violators from

http://dmeclegal.wordpress.com/2014/05/14/data-breach-results-in-4-8-million-hipaa-settlements/

What caught my attention is on the last paragraph that stated “the same rules apply to employer-sponsored health plans”. What it means is that any entities that deals with patient information must also performed the same kind of risk analysis just like the health care providers do.

This is not a joke that companies are getting huge fine for their negligence. Unless your company don’t have any money issue, I would highly recommend getting started on what article’s recommend to do. A thousand mile journey begins with the first step. So, what are you waiting for?