The murky waters of the HIPAA security rule

Laura Rose Lambert | Electronic records, TWH blog

I apologize for the long delay in this article. This has been a good lesson in my limits of sifting through legalese and ability to produce something coherent from it. I think I’ll be avoiding this type of research in the future and instead focus on finding reliable resources to interpret this aspect of medical practice. This is a long one, so I urge you to grab some tea or another favorite beverage and take a break if you feel your attention wandering. To facilitate returning to where you left off reading, I have divided the article into four pages.

Many shades of gray

The Health Insurance Portability and Accountability Act (HIPAA) is not a black and white document; it is very gray and constantly shifting with every new medical practice and technology. It will be a long time before I delve into these murky waters again. For resources to help you navigate HIPAA, please use the links throughout this article and the list at the end.

Disclaimer: I am not an attorney. I am not liable for any content, errors or omissions or inaccuracies. I cannot make any guarantees about the content. Please, please get legal services when you need them; they are the experts!

Using cellphones, tablets and computers or services such as online scheduling or insurance billing is commonplace in many of our medical practices. While most of us have a clear understanding of how to handle patients’ physical charts and personal information according to HIPAA law, the integration of technology has increasingly confused how we treat patient information. With changes as recent as January 2013, rumors abound about the proper use of health information and technology.

After weeks of reading the source text for HIPAA, I struggled with concisely describing the expectations of the Privacy and Security rules of HIPAA. So many ‘experts’ interpret the law into a series of “you have to” or “you must.” Yes, there are aspects of HIPAA that require action, but from my reading of it, it is more flexible and forgiving.
A Portland, Oregon tech resource I recently found put it in a way I think we can all understand.

“HIPAA never allows or disallows anything. HIPAA asks you to balance risks and cost, reduce risks to reasonable levels and comply with certain security standards.” – Roy Huggins (Person Centered Tech)

Please keep in mind that there are no clear and fast answers …