Dark Reading Security Views has an article for business managers detailing the things they need to realize about HIPAA compliance. The nutshell version is this:
1. Compliance is not a homework assignment--it is how your organization operates every day.
2. Management has responsibilities that cannot be delegated.
3. Systems are not compliant--organizations are compliant.
4. Employees and business processes are typically a much bigger problem for compliance and security than computer
5. Management does not have to become technical, but it does have to demand that its technical staff communicate effectively.
6. Accurate self-assessment is extremely difficult.
This interesting and necessary article can be read in full at http://www.darkreading.com/blog/232602269/six-things-management-better-u...