Check out our most recently posted HIPAA-related advisory, by Adam Greene and Michael Sloan.  It explains how telecommunications carriers and Internet service providers (ISPs) may, without even knowing it, be subject to the privacy, security, and breach notification requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) rules.  It also offers suggestions on how such service providers can start thinking critically about whether they are potentially covered, and other steps they should consider taking.  You can find the advisory here.