When to seek legal consultation for HIPAA

Is it reasonable to think that a private medical practice with a total of 18 employees can meet all the requirements of HIPAA without hiring expensive outside consultants? At what point (if any) should we have legal consultation. Thank you!
Given the right tools, a fair amount of time and the budget to make it happen, I certainly believe it is reasonable to accomplish this internally. Keep in mind that not *all* outside consultants are expensive. You should be able to find some in your area that can do the work for a reasonable fixed cost so you don't have to worry about it getting out of control financially. Long term, given employee training, books and other tools that you will end up needing to purchase, not to mention pulling employees away from what they normally do on a full-time basis, it could very well be cheaper to outsource. At a minimum, you should consider getting legal counsel to review your HIPAA-mandated privacy and security policies to ensure they are reasonable and enforceable.

For more information on this topic, visit these other SearchSecurity.com resources:
Featured Topic: HIPAA update
Commentary: HIPAA compliance doesn't come in a box
Best Web Links: Securing Health Care/Health Services

This was last published in December 2002

Dig Deeper on HIPAA



Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: