It depends on what type of organization you're working for. Hospitals, doctors offices, etc all fall under the strictest guidelines. After that, there are various levels. My company falls under some type of business partner. We have access to the actual patient record, so we have to be compliant too.
I'm currently working on some HIPAA compliance stuff that will scrub any patient identifiable information from data that the hospital may send us.
>Are you sure about that? I am working in a HIPAA organization and we don't have any log of who looks at records. If you have a reference I will run it up the flagpole.
Craig Berntson
MCSD, Microsoft .Net MVP, Grape City Community Influencer