HIPAA Compliant Is a Gimmick

Two recent updates to the ClinicNerds website to report:

  1. New HIPAA Breach Case Study about a small practice in Illinois that was fined $31,000 because they did not have a Business Associate Agreement with a third-party document storage company. The medical practice was storing paper medical records at this off-site location without ensuring that the document storage company was safeguarding the patient data. Note that this case was resolved just a few months ago (April 2017), though the practice will be on HIPAA probation for two years, until April 2019. It is very typical for these HIPAA investigations and probations to last 4 or 5 years.
  2. New article in the series Crushing Kim with HIPAA. This sixth article in the series discusses the meaningless terms ‘HIPAA Compliant’ and/or ‘HIPAA Certified.’ There are many shady salesmen, consultants, and instructors who make the false and meaningless claim that their product or service is HIPAA Compliant. When you hear this phrase, ClinicNerds encourages you to say: ‘Who says it is HIPAA compliant?’