It's an extremely broad and far-reaching piece of legislation. The relevant laws have also been modified and augmented since the original passage (through the HITECH act in 2009, and the final Omnibus ruling in 2013, as well as others). And yes there are various types of audits you should pass before claiming your site is compliant.
Your first step is to hire an attorney, there really isn't any way around it. If you want to get a feel for the complexity, you should start by reading the laws yourself. Title II is the most relevant to your questions. Or for a cliff-note summary read the wiki page: (http://en.wikipedia.org/wiki/Health_Insurance_Portability_an...). The actual text of the legislations should be linked from there.
It's an extremely broad and far-reaching piece of legislation. The relevant laws have also been modified and augmented since the original passage (through the HITECH act in 2009, and the final Omnibus ruling in 2013, as well as others). And yes there are various types of audits you should pass before claiming your site is compliant.
Your first step is to hire an attorney, there really isn't any way around it. If you want to get a feel for the complexity, you should start by reading the laws yourself. Title II is the most relevant to your questions. Or for a cliff-note summary read the wiki page: (http://en.wikipedia.org/wiki/Health_Insurance_Portability_an...). The actual text of the legislations should be linked from there.