Wanna get rich? Become a HIPAA expert. Here's a little summary of some HIPAA requirements:

"Information Systems Security Management

Information systems security management requires formal policies and procedures for granting (or denying) access to various levels of health care information, including user authentication and accountability practices. In order to meet regulatory compliance, three key areas must be in place:

1. security measures for all information systems;
2. security testing, including intrusion testing, performed regularly on systems and networks;
3. virus protection, and a response procedure when a virus is detected.

· documenting all policies and procedures in the integration and daily work of the Information Systems Management Department.
· installing software that maintains review schedules for testing security features.
· creating a system for on-going and periodic system checking.
· updating and formatting a frequent virus checking system and procedure.

Security Incident Procedures

To ensure that violations are managed quickly, health care operators are required to have documented damage control procedures for reporting security breaches. Such procedures should address data backup, data storage, and proper disposal of data, in addition to assigning responsibility in the event of a security incident. The damage control procedures should also include: a disaster recovery plan, emergency mode operations, equipment control, an organization security plan, procedures for verifying authorization prior to physical access, maintenance records, need-to-know procedures for personnel access, and sign-in procedures for outside (contract) vendors.

Security Management Process

Health care operators are required to establish risk reduction security policies to ensure accountability, prevention, containment, and correction of security breaches including risk analysis, risk management, and sanction policies. Additional measures to protect sensitive data include: firewalls, intrusion detection devices, and audit logs.

Training

It is imperative that personnel be properly trained in order for a health care operator to meet the HIPAA standards. Each organization must develop, implement, and maintain records of awareness training for all personnel on virus protection, reporting data discrepancies, and password management to ensure protection of health care information."

As an IT professional, there is A LOT of money in enforcing HIPAA.