HIPAA Law

Assume that an employee gained access to medical records after being fired and threatened management that, if they did not hire him back, he would expose patients' personal medical information. The organization's computer system is not the best when it comes to security. They have hired you as a consultant to update their system to prevent this from happening again.
What IDPS and security tools and technologies would you put into place to protect their systems? What type of commercial firewall would you recommend? How do you recommend they handle the employee? Has this employee violated the HIPAA law?