The HIPAA Privacy Rule was enacted more than a decade ago, and health organizations have made consistent efforts ever since to keep health information private and secure. The HIPAA (Health Insurance Portability and Accountability Act) regulations are vast and, in places, complex, and healthcare organizations need a thorough understanding and substantial effort to maintain compliance. Consequently, many organizations, especially smaller hospitals and physician practices, often fail to keep up with the requirements and incur hefty fines for HIPAA violations. In some healthcare organizations, the staff do not understand who exactly is in charge of maintaining compliance; in others, they ignore gaps in the procedures, believing them to be low-risk areas. HIPAA violations can lead to major financial and reputational damage, which calls for identifying and analyzing HIPAA compliance gaps and working towards closing them.