HIPAA gets a bad rap – and deservedly so. However, most of that bad rap is because it is set up in a typical government fashion that is hard to understand and make sense of. When you look at the HIPAA laws and guidelines, it is not long before you become more perplexed than you were before.
However, once you get past the government’s idea of light reading, or by using our CompassDB tool which translates it into a humanly readable language, you realize that the HIPAA guidelines are not really all that cumbersome. In reality, they are your standard operating procedures for your business in a template that can cover many different types of organizations.
If you think about it, we should all want our business to continue no matter what happens. We all want to be resilient to threats, both internal and external, as they can affect our way of life. The Security Risk Analysis required by HIPAA (and MACRA and Meaningful Use) helps you identify security threats to your business. The other HIPAA requirements guide you on how to become more resilient when dealing with the threats.
By following the standards set forth by HIPAA, you drastically reduce your liability and your risk of business disruption.
Protect Your Patients. Protect Your Practice. Protect Yourself™.
If you have questions about HIPAA, including how to conduct a Security Risk Assessment or how to best remediate identified risks, contact us: info@thirdrock.com; 512.310.0020.
Thank you!
So often I hear people complaining about HIPAA in that it needs to be upgraded, modified, etc…and then when I am privy to what BAAs are doing to comply with HIPAA I see most of this comes from folks that don’t comply with HIPAA and are looking for some type of “sounds good” reason to move to a HIPAA 2.0.
In my view, with respect Business Associates (BAs) and HIPAA…which first people out there need to stop telling BAs that they need to comply with all of HIPAA…the Security Rules represent what is often present in most well run IT shops.
It’s that simple and basic. Now are there people that may find or use the idea that HIPAA is overly complex and burdensome for some other means? Of course…I hear it on webs and read it on blogs every day.