In order to ensure compliance with HIPAA (and other data privacy and security rules) health care organizations must implement policies and procedures that are tailored to the work that they do as well as their size. HIPAA is not a one-size-fits-all regulatory regime, and best practices for data privacy and security programs demand attention to the specific operating environment of each healthcare organization. This whitepaper provides a look at challenges and best practices to help ensure compliance with data privacy and security rules, such as HIPAA.