Help Me With Hipaa

  We continue our discussion about some common myths (or points of confusion) surrounding HIPAA compliance requirements.  GlossaryMyth is a widely held but false belief or idea.  Links  HealthIT.gov Top 10 Myths of Security Risk AnalysisHealthIT.gov Guide to Privacy and Security of Electronic Health Information Analysis Notes 1-3 In previous episode  Communicating with patients via email, fax, or telephone violates HIPAA.  Actually, not true. But.... reasonable and appropriate safeguards must be in place. HIPAA compliance is just like all the other compliance rules for other industries. You learn the requirements and you do what they say. Not at all true. HIPAA rules were designed to allow for every size and type of healthcare entity and business associate to use one set of regulations. That means there are phrases like "reasonable and appropriate" thrown all over them. Every single organization can determine what is reasonable and appropriate for their environment as long as they document how they ar