HIPAA implementation is based on assumptions about the threat model for PHI disclosure. The procedure involves preventive as well as retroactive measures and covers process, technology, and personnel aspects.
The aim of the HIPAA implementation procedure is guided by the threat model, which involves assumptions about:
Nature of threat: whether an accidental disclosure by an insider or access for profit
Source of threat: an outsider or an insider
Means of likely threat: break-in, trespassing, computer hack, or virus
Specific type of record at risk, viz. patient identification, financial, medical, and
Scale, to keep track of the number of patients whose data is threatened.
The HIPAA procedure has to encompass an explicitly stated policy, educational materials and events, transparent reinforcement methods, a timetable for examining HIPAA compliance, and methods for ongoing transparency with respect to it. Documented policy usually comprises a statement of the minimum-privilege record access needed to finish the work, an explanation of PHI, and event assessment and reporting processes. Educational materials could comprise case studies, control questions, and a timetable of review meetings for ...