Simple, Sane and Real Strategies for
Clinical Update April 2015
By Zur Institute
View a complete list of Clinical Updates.
In the early days, HIPAA was that annoying little cousin that wouldn't leave you alone -- always butting in, always finding some new reason to bother you. However, HIPAA has grown a lot since we last really turned toward it and paid attention.
Culturally speaking, HIPAA has always come from a techie's viewpoint. When it makes efforts to attune with clinicians and our culture, it fails awkwardly. It's confusing and gets overbearing in the way it relates to us.
This is not, however, because HIPAA doesn't share our goals: safeguarding clients, creating environments where they can thrive, and working to further their interests. On the contrary, HIPAA is fanatical in its support of clients' autonomy and their rights to pursue health care on their own terms. In the national efforts to digitize and network together every American's health records, HIPAA is the stubborn holdout that demands we closely consider the security and privacy of those records.
The confusing nature of HIPAA has lead to a lot of misinformation about how HIPAA compliance works. This is especially true around the HIPAA Security Rule, which is the portion of HIPAA that closely governs the security of the electronic gizmos and services that we use to handle clients' confidential info.
Perhaps the most damaging myth is the pervasive idea that those gizmos and services must be "HIPAA compliant." I bring up this myth not simply because it is "incorrect," but because it has caused a great deal of confusion and misunderstanding. We give up our autonomy and ability to control our practices and our relationships to HIPAA by seeking out the "right" tool or the "right" service that will make HIPAA go away and bother someone else. Those "right" tools may be expensive, may reduce our ability to connect with clients, and may even prevent us from actually complying with HIPAA.
Below I offer some facts about HIPAA that can help us to "stop the insanity" and get on the right track to working with HIPAA in simpler, saner, and more productive ways.