As we work with more and more clients to help them comply with the HIPAA Security Rule, it is becoming clear that many people don’t fully understand HIPAA. The good news is that we can help them understand HIPAA and all the things that need to be done to comply with HIPAA and to protect patient data. But let’s forget that for a second and concentrate on the first fact – people don’t understand HIPAA security and its requirements.
Hundreds and thousands of medical practices and healthcare organizations are implementing electronic medical records (EMRs). Many of these organizations don’t fully understand what is needed to comply with HIPAA and HITECH and, more importantly, what is necessary to protect patient information. This puts many patients’ medical information at risk of data breaches. So what can be done to educate organizations so they at least know what is required and what the best practices are for protecting patient data?
We took a look at the U.S. Department of Health & Human Services (HHS) website, which gives an overview of HIPAA Security. Without being too critical, the website did break the HIPAA Security Rule into sections, but it did not clearly define what an organization must do to become compliant. It almost seems like the people who wrote the rules also wrote the summary. HHS should take a step back and embrace a new paradigm. Instead of shorter text to explain longer text (the actual rule), maybe they should create a series of short interactive movies that make it interesting and entertaining to understand the rules. And taking it one step further, maybe they should embrace social media and use Facebook and Twitter to get the message out about HIPAA Security and protecting patient information.
HIPAA Secure Now! is trying to do exactly what we suggest that HHS do. We are producing short interactive movies on security tips, we have made short videos that explain what is required for each HIPAA Security Policy and Procedure, and we use Twitter and Facebook to share interesting articles and information on HIPAA.
The more that is done to help organizations understand HIPAA Security, the better these organizations will be at protecting patient data. HHS has recently gotten more aggressive with HIPAA compliance enforcement. They should also get more aggressive with HIPAA Security education.