Clinic Nerds
Back

September 26, 2017
By Bert Ryan

About "Crushing Kim With HIPAA"
HIPAA is widely misunderstood, not because of any one thing, but rather the accumulation of many confusing concepts, phrases and terms. This series explores those confusing things through the eyes of Kim, a hypothetical office manager in a small clinic named Memphis Family Clinic. Big hospitals have departments of lawyers and information technology specialists (I/T, CIO) to handle HIPAA challenges. Kim and Memphis Family Clinic do not have those resources. This series tries to show how challenging HIPAA is for small clinics.

The Definitive HIPAA Website

If Kim wants to learn more about HIPAA, what is the main HIPAA website? The problem is there isn't just one. HHS is sort of the main HIPAA website. But there are many other government agencies and websites with HIPAA information.

Is Kim expected to navigate all of these agency websites? These are just the federal links. We haven't even gotten to the state websites.

NIST has at least seven PDFs related to HIPAA. Those seven PDFs are hundreds of pages of difficult technical material. Is Kim expected to wade through these PDFs?


Health & Human Services (HHS)
** Source material for ClinicNerds' HIPAA Breach Case Studies

Centers for Medicare & Medicaid Services (CMS)

Department of Justice (DoJ)

Office of the National Coordinator for Health Information Technology (ONC)
aka HealthIT.gov


National Institutes of Standards & Technology (NIST)

Federal Trade Commission (FTC)

Centers for Disease Control (CDC)

National Institutes of Health

Medscape

Code of Federal Regulations (CFR)

Possible Fix

Here is a suggestion for fixing this multi-agency, multi-websit problem. http://HIPAA.gov Create one URL with subsections for each part of the healthcare industry. It is understandable that each agency wants the credit for creating the content. Each agency wants to put their content on their website. It might be better to think of this from the consumer's point of view. Most people don't know and shouldn't be expected to know all of the various agencies in the federal government.

  • HIPAA.gov
  • HIPAA.gov/patients
  • HIPAA.gov/small_providers
  • HIPAA.gov/hospitals
  • HIPAA.gov/health_insurers
  • HIPAA.gov/pharmaceuticals
  • HIPAA.gov/pharmacies
  • HIPAA.gov/researchers