Most healthcare organizations are familiar with the privacy and data security requirements of the landmark HIPAA, and then HITECH, so they have gotten their operations compliant long ago. This may lead people to assume complying with newer privacy laws will be easy given all they are already doing to meet current requirements.
