Have you ever heard anyone say that HIPAA is a beauty?
NO? I didn’t think so!
However, being in the industry, I see the beauty of HIPAA every day in its flexible design. The government regulations are that you need to keep Private Health Information (PHI) private and secure. However, no one comes out and specifies how you need to do that. They outline the WHAT, but leave the HOW up to you.
I love the fact that the government gives healthcare practices a choice. YOU get to determine your own policies and procedures and technical solutions to ensure that PHI is protected. There is no cookie-cutter mandate handed down that may or may not work for your individual practice. You know what needs to be accomplished, but getting there is entirely up to you.
How technical do you want to be when protecting PHI? What is the aptitude of your staff? What systems do you already have in place? What does you budget look like? All of these questions will be answered differently depending on the organization, and they can create their own structure to ensure their compliancy is being achieved.
Of course, best practices will emerge from those organizations that succeed, and you should definitely take these into consideration. However, you can shape these practices into something that is uniquely your own. You get to do it your own way!
As you complete your risk assessment, you can document why you chose the path you did and how you are mitigating the risks posed. The risk assessment is a key tool to ensure that you are consciously choosing an alternate path, not just ignoring the risks.
Having control over your own course of action — now that is the Beauty of HIPAA!