HIPAA, HITECH, Red Flag Rules, and a myriad of state laws all focus on the privacy of information. The second component of these rules is security, which can be a misunderstood area of the law.
With scalable requirements and shifting firewalls, small practices can feel overwhelmed with compliance issues. But - and it's a big but - most issues in security aren't technical or related to complex software. They relate to human behavior. The problems tend to be not technical failures but gossip, curiosity, and the always popular "but I've always done it that way."
The ONC, as part of its practice outreach, has devised a game, CyberSecure: Your Medical Practice, that is designed to help answer common information security questions. You can simulate your practice decisions and get tips and best practices along the way.
I played and got 100% - try to match that!