If you believe that your privacy has been violated by a medical provider, you can file a complaint with the Department of Health and Human Services. HIPAA itself does not provide for a private right of action. Depending on an individual’s personal circumstances, the breach of medical information may serve as a basis for other causes of action provided by state law.
The Office of the National Coordinator for Health Information Technology has created a risk assessment tool for small and medium-sized covered entities. The downloadable questionnaire is intended to help covered entities discover holes within their security framework, and it offers recommendations.
The Department of Health and Human Services regulates the Health Insurance Portability and Accountability Act, better known as HIPAA. The HHS.gov website maintains several informational pages for businesses that have questions about how to comply with the law. The above link directs to the Smaller Providers and Businesses page, which provides answers to frequently asked questions.