In the face of the potential HIPAA legal onslaught, what's a provider to do? Legal experts say there are four things you can do to help protect yourself: 1. Hire the right privacy officer. Head off lawsuits by responding to complaints earnestly and courteously. The person who deals with patients with complaints "needs to be the right personality in a very difficult situation with one chance to prove goodwill and credibility," offers Bill Sarraille with the DC office of Arent Fox. "Your privacy officer needs understand what the situation is, needs to be a good listener, needs to be focused on fixing the problem as best it can be fixed without making excuses," he advises. 2. Polish your complaints process. Don't add fuel to the fire by obfuscating. HIPAA's going to make it easier for patients to make their voices heard, says Stephen Bernstein with McDermott Will & Emery in Boston. "And the last thing anyone wants to do is fuel that by having a process that's complicated and confusing." 3. Nip patterns in the bud. "If you get a complaint, you want to make sure it's not a programmatic thing - it's not a computer glitch that's spitting [protected health information] out or it's not lax security," stresses Michael Roach with Michael Best & Friedrich in Chicago. 4. Maintain an efficient health information privacy program. A complete and well-documented privacy program can serve two purposes. It helps prevent bad things from happening, and if something does go awry, it helps your defense. "It's one weapon you take away from the plaintiffs," Roach remarks.