Over on the ClinicNerds blog, I just uploaded the third post in the series “Crushing Kim with HIPAA.” This post is about the confusing names Security Rule and Privacy Rule. My suggestion is to avoid the similar-sounding terms privacy and security and replace them with Patient Rights and Protected Health Information (PHI).
HIPAA is widely misunderstood, not because of any one thing, but rather because of the accumulation of many confusing concepts, phrases and terms. This series explores those confusing things through the eyes of Kim, a hypothetical office manager in a small clinic named Memphis Family Clinic. Big hospitals have departments of lawyers and information technology specialists (I/T, CIO) to handle HIPAA challenges. Kim and Memphis Family Clinic do not have those resources. This series tries to show how challenging HIPAA is for small clinics.