Yes. The privacy rule won’t require you to refer to patients by code names, retrofit your office or soundproof your examination or consultation rooms. It simply formalizes much of what you probably already do to protect patient privacy and maintain physician-patient confidentiality. Most improper disclosures of PHI occur because of human error. HIPAA will force you to shore up your systems. For example, you will have to be more careful about faxing lab results to patients, posting patient names outside exam rooms or leaving messages containing PHI on answering machines.