The September 23 compliance date has passed for tougher HIPAA privacy, security, breach notification and enforcement rules, and many covered entities are not fully ready. Mark Dill, director of information security at Cleveland Clinic, says creating a "Book of Evidence" of good-faith compliance will save an organization from being overwhelmed if visited by the HHS Office for Civil Rights. Creating the book is not difficult and takes a couple of weeks. At the HIMSS13 Conference in February Dill walked through creating the book. Here are the basic steps.