I receive many questions about privacy and compliance as it relates to computer support. The following article on LinkedIn by Waël Hassan, PhD. does a great job of outlining what is required and expected of a business that deals with personal health information. He has a number of security related blogs that also may be of interest to business owners and IT personnel alike.
Does Privacy Compliance Translate Across Borders? Comparing HIPAA and PHIPA