HIPAA Compliant Is a Gimmick

Two recent updates to the ClinicNerds website to report:

  1. New HIPAA Breach Case Study about a small practice in Illinois that was fined $31,000 because it did not have a Business Associate Agreement with a third-party document storage company.  The medical practice was storing paper medical records at this off-site location without ensuring that the document storage company was safeguarding the patient data.  Note that this case was resolved just a few months ago (April 2017), though the practice will be on HIPAA probation for two years, until April 2019.  It is very typical for these HIPAA investigations and probations to last 4 or 5 years.
  2. New article in the series Crushing Kim with HIPAA.  This sixth article in the series discusses the meaningless terms ‘HIPAA Compliant’ and/or ‘HIPAA Certified.’  There are many shady salesmen, consultants, and instructors who make the false and meaningless claim that their product or service is HIPAA Compliant.  When you hear this phrase, ClinicNerds encourages you to ask:  ‘Who says it is HIPAA compliant?’

Over on the ClinicNerd’s blog, I put up the fifth article in the series: Crushing Kim with HIPAA.  In this series of articles, I try to make the point that HIPAA is despised and misunderstood because the explanations of HIPAA are horrible.  If HIPAA is ever going to be accepted and widely adopted, then a new curriculum is needed to explain HIPAA.  The HIPAA Lifeguard app is my attempt at a new curriculum for explaining HIPAA.   Article preview: ClinicNerds avoids using weird words like omnibus.

Crushing Kim with HIPAA

Over at the ClinicNerds blog, I’m writing a series of articles about how the terrible explanations of HIPAA are creating a nightmare for small clinics.  I just put up the fourth article in the series, about Simplifying Protected Health Information (PHI).  I believe that we need to have a conversation about ways to simplify HIPAA explanations.