Check EHR login information Look at employee trails left in the computer logs to get a feel for when employees are trying to access something they shouldn't. This goes for your practice management system too.
Recheck you breach notification policy as required by HIPAA What will your practice do in thte event of a HIPAA breach?
Document everything your practice does to comply with HIPAA Not only will this help you after a breach has occurred (shows you are and/or trying to be in compliance), this excersise will highlight where you are not in compliance with HIPAA.