The second thing* you need to do to protect your patient data and to be HIPAA compliant is to do a technology risk assessment. My friends at PCIHIPAA offer a free assessment. They also provide insurance (this part is not free 🙂 ) to cover you if you do have a data breach.
Most dental liability policies do not cover HIPAA violations, or else have very low limits. If you have a simple breach (for example, a joy rider steals your administrative assistant's car with a backup tape in the trunk), compliance costs will average $40,000.
If you have not completed the assessment and generated all the rest of the paperwork for compliance, you face punitive fines that can easily range into six figures.
* The first thing you need to do is assign a privacy officer.