Many health care organizations have placed Health Insurance Portability and Accountability Act (HIPAA) privacy under the compliance officer. HIPAA security normally is found with information technology. In any case, whether the compliance officer has any operational management of HIPAA or not, he or she does have oversight responsibility to ensure that his or her organization is in compliance with current regulatory requirements. For many, this represents a new and difficult challenge. The purpose of this article to assist meeting this challenge.