Any developer who has worked with HIPAA compliancy knows that the law is murky at best and the fed doesn’t publish a programmers’ guide to make your life any easier.  However, one of the cardinal rules is the requirement to keep track of who sees HIPAA data, who modifies it and when this was done.  Another is that if you delete/update patient data you need to log what was deleted/updated in order to provide an audit trail, if only for