This is an excerpt from a member-only article. To read the article in its entirety, please login or subscribe.

In the best scenario, lawyers and security consultants work together to help your organization comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), says Bill Roach, an attorney with McDermott Will & Emory, LLP, in Chicago . But because HIPAA security compliance is an organizationwide activity, leadership generally emanates from administrators who should confer with attorneys and consultants first, says John Parmigiani, senior vice president of consulting services at QuickCompliance in Avon, CT, and the former federal government chair responsible for the creation and implementation of HIPAA's security rule.