OH (PRWEB) October 15, 2013
Mike Semel has written some very insightful articles on HIPAA and has turned some catchy phrases in an otherwise pretty dull subject. In his recent article, "HIPAA Business Associate Avoidance and Google Update", the phrase "To all of you HIPAA-deniers, you can run but you can’t hide. You are a HIPAA Business Associate no matter what you say" seems to capture so much of the current confusion that HealthCare Too has posted his article on its website (http://healthcaretoo.com/hipaa-deniers-article/) in order to create awareness and service the "HIPAA-deniers".
HealthCare Too has experienced its own conversations with HIPAA-deniers (both Covered Entities and Business Associates) and sees a growing need for help, based on examples such as:
*Providing specific text from the HIPAA Omnibus to web hosting companies that knowingly (or uncaringly) store Protected Health Information on servers that are crammed with 100's of shared accounts,
*Explaining to a physician's office that a stack of backup tapes reaching over two feet high on top their server was not a good idea,
*Listening to countless providers write or tell us that they are "willing to take the risk" or that they plan to "close up shop" because of HIPAA,
*Learning from attorneys, CPAs, billing companies, and others of the value of their services to healthcare... and also that their laptops are not encrypted,
*Deciphering from Complementary and Alternative Medicine (CAM) providers how they are healthcare providers (some even licensed by the State) but aren't subject to HIPAA because they "don't have any real data" or it isn't a "full-time job",
*Engaging with "experts" who have never read the HIPAA Omnibus,
*Hearing numerous schemes to avoid being covered by HIPAA... usually a provider who wants to be entirely paper-based.
How can HealthCare Too Help the HIPAA-deniers?
For those HIPAA-deniers who are simply still confused about the new role of Business Associates but want to do the "right thing", HealthCare Too has produced a free white paper to make this change more understandable: HIPAA and Business Associates: Tempest in a Teapot or Perfect Storm? as well as a FREE PowerPoint presentation. For those HIPAA-deniers who understand the regulations but still want to avoid compliance through denial and avoidance, they should consider HIPAA as a mechanism to improve quality within their organization... not unlike other parts of healthcare.
Some of the members of HealthCare Too come from the manufacturing side of healthcare that is subject to FDA regulation and have seen rigor that makes HIPAA pale by comparison (despite protests by HIPAA-deniers to the contrary)... truckloads of documentation (sometimes quite literally), onerous Change Management processes, annual training, update training, Curriculum Vitae updates, and so much more. While cumbersome, the overall effect of these "Good Practices" (e.g., GxP) have dramatically improved results and safety in pharmaceuticals and medical devices. While debates will continue that these FDA practices are too much or perhaps even not enough rigor, (with some exceptions) these processes do not even deal with Protected Health Information that may ruin a person's life if not properly safeguarded. That data resides primarily on unencrypted laptops, random and wayward USB drives, unattended backup tapes, $3.95/month shared hosting accounts, and various free email and cloud services... a fact that may well be overlooked by HIPAA-deniers. Adoption of best practices is really greater patient focus and better management of resources (not to mention compliance with Federal and State law).
HealthCare Too's Chief Information Officer, Tim Perry, sums it up best: "Honestly, HIPAA is just common-sense and best practices for those who bother to read and understand it." Of the 42 HIPAA Security Rule Implementation Standards, a quick look at any of them (once one can find them!) presents an easy choice between "doing the right thing" to protect patient data and "leaving to chance" that nothing happens. Though conversations with "HIPAA-deniers" can be challenging, HealthCare Too members have always been convinced that the reluctance to adopt HIPAA is more of a need to understand than a wish to endanger patients. HealthCare Too and its eco-system of partners are ready to help.
HealthCare Too (HCT) is a certified Women-owned Business Enterprise (i.e., WBENC, NWBOC) that provides HIPAA Compliance, Cloud Hosting, and Data Storage through shared services. We help any-sized Covered Entities and Business Associates with higher performance, medical-grade computing and compliance resources... just like what one finds in the largest institutions and enterprises. HealthCare Too uses leveraged resources to provide better performance and contain costs. Whether MD, DO, OD, DDS, LMT, dietician, acupuncturist, yoga therapist, long term acute care, rehabilitation facility, pharmacy, retail clinic, surgery center, clearinghouse, insurance provider, Business Associate, or subcontractor... all need to be part of the digital healthcare system and comply with HIPAA for electronic protected health information. HealthCare Too makes that easier and less expensive.