Organizations seeking to meet HIPAA requirements are expected to demonstrate proper use of patient data through appropriate administrative and technical safeguards. While most organizations focus their efforts on implementing safeguards that revolve around an EHR system already designed to be HIPAA compliant, today’s computing environments facilitate the ability to repurpose accessed patient data in an unauthorized fashion, quickly, easily, and conveniently. Webmail, cloud-based storage, USB storage, web-based collaboration tools, and even printing are just some of the ways users can improperly save, steal, and share patient data – making the watching of activity only within an EHR a shortsighted strategy, if the goal is to truly be able to demonstrate compliance.