The HIPAA rules are mostly reasonable. The explanations of HIPAA rules are terrible. I set aside the old curriculum and created a fresh approach to HIPAA and risk analysis. Bert Ryan, Creator of the HIPAA Lifeguard App
The HIPAA rules are decent safeguards for protecting health information. But HIPAA is widely misunderstood because the explanations of HIPAA rules are terrible. There are many reasons why HIPAA explanations are terrible, here are just three:1. HIPAA is explained in a legal language that nobody understands
Reading most HIPAA education materials is like having to read a book written in Latin or Chinese. HIPAA explanations are written in a Latin-like legal language that we do not understand. We are missing the translation of HIPAA from legal language into plain English. The repeated use of weird legal phrases like Omnibus and Covered Entity makes it terribly confusing.2. Confusing names like Privacy Rule and Security Rule
The words privacy and security are synonymous, yet the Privacy Rule is meaningfully different from the Security Rule. Jeopardy champions can't explain the difference between privacy and security. Basing the HIPAA rules on the confusing terms privacy and security is like building your dream home on a weak foundation with a leaky basement.3. § as in CFR § 164.502
Remember when the musician Prince changed his name to the unpronouncable symbol Like Prince's mysterious symbol, terrible HIPAA explanations are littered with this unpronouncable legal symbol §. What is that thing? 99.99% of Americans have no idea what this legal symbol § means. Why try to explain HIPAA with a symbol that we do not understand? Prince eventually gave up his symbolic name. It is time HIPAA gave up on §.
We call all of those old, terrible explanations Hard-Legislative-HIPAA or just Hard-HIPAA.
Here is an example of the nonsensical legalese typically used in hard-legislative-HIPAA. The words that make it hard and legislative are highlighted in light blue.
Printing the above document - the Phase 2 Audit Program - takes up nearly 350 printed pages. We have trouble understanding any and all of their assessment protocols.
If you hear any of the following questions, a hard-HIPAA practitioner is trying to waste your time.
It is OK to ignore the above Hard-Legislative-HIPAA nonsense.
In easy-HIPAA, we reduce it down to a few ideas:
Healthcare is hard enough. There are already a million daily headaches in a clinic. Let's not make it any harder than it needs to be. Simple words and simple concepts are more likely to be understood by your employees. Lifeguards and hotspots are deliberately simple words and concepts.