If your organization handles sensitive patient information, you need to comply with HIPAA. Failure to do so can result in fines, penalties, and legal fees. Not to mention the bad reputation you'd incur if your patients found out you failed to keep their sensitive health information safe.