Many “Covered Entities” within the meaning of the privacy and security provisions of the Health Insurance and Portability Act of 1996 (HIPAA) are managing more and more of their patient information electronically.  Indeed, not moving to electronic health records (EHRs) may cost physicians a percentage of their Medicare remittances—or at least the loss of a potential bonus of up to $44,000—under the EHR Incentive Program, as discussed in our last several Alerts.Collecting, analyzing, reporting and storing electronic patient information present perhaps even greater HIPAA challenges than does the use of paper records, however.  Data entered on a computer can be copied more easily, more cheaply, more prolifically and even passively.  Once unsecured data are moved from the computer on which they are created to other media, manually or wirelessly, controlling the information becomes nearly impossible.  The key word in the preceding sentence is “unsecured.”  The recently finalized HIPAA regulations on Breach Notification impose...