Consultants make money based on experience and advice.  HIPAA doesn't
currently have case law behind it and therefore most businesses do not
want to be the first John Doe vs SomeCompany, inc which will then be
quoted in the news and courts for the next 20 years.

HIPAA is complex.  There are distribution lists that specialize in
this type of regulation floating around.  It is also a pain and there
is much conflicting and competing information out there.

Steven

On Tue, Aug 12, 2008 at 6:26 PM,  <[EMAIL PROTECTED]> wrote:
> Dave,
>
> We do a lot of IT work for Doctor offices and organizations connected to
> hospitals and such.  We have a document they all had to sign saying that we
> are not responsible for identifying or resolving issues related to HIPAA
> compliance, because of these very issues.  We make recommendations that from
> the IT side help with security and establish an IT Secure framework to build
> on, but the responsibility and liability is squarely with the offices to
> determine what they have to do to be compliant.  Most offices simply will
> not pay the money to do what is needed.
>
> If you are set in this venture, first get legal counsel to draft a proposal
> that says while you are here to consult and provide guidance that ultimately
> you are not responsible for anything regarding HIPAA directly.  Here is the
> reason.  HIPAA is so grey that if the office fails to follow a process,
> breaks a rule, etc. and they are facing civil/criminal (which means paying
> dollars) you will be the fall guy..ALWAYS..
>
> It's the same concept of tape backup.  We install the solution, train them,
> but we are not responsible for their data if they don't check the status of
> their backup or fail to swap their tapes.  How can you be responsible for
> what they do or don't do? You can't. Get it in writing.
>
> 2.  There is no standard form or process that works.  Every environment is
> different: apps, connections, types of service (Billing, Financial,
> service) and it even gets more specific based on types of billing and
> service.  Yet all in a strangely gray haze that really just means spend
> money....
>
> Good luck, I would rather have a root canal every day of my life than maintain
> compliancy with HIPAA regs and reconcile those with doctors...
>
> Greg
>
> From: Jon Harris [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 12, 2008 3:36 PM
> To: NT System Admin Issues
> Subject: Re: Hippa Compliance Checklist
>
> Agreed, that is why I refuse to do that work.
>
> Jon
>
> On Tue, Aug 12, 2008 at 2:13 PM, Ziots, Edward <[EMAIL PROTECTED]> wrote:
>
> HIPAA compliance is a lot more than a checklist; it's a process, and you need
> to know what policies and procedures that the doctor has in place along with
> the practices of the partners that that doctor associates with.
>
> There are two major pieces of HIPAA you need to deal with: the Privacy
> Section, and the Security Section. A lot of it is vague, and not clear cut.
> There are some good to do or consider, but I will tell you that information
> disclosure (unencrypted hardware being used to store patient info) will get
> you in trouble, also privacy issues. Again I am going to say this loud and
> clear: it's not a checklist, it's a process, and it isn't for the faint of
> heart.
>
> Z
>
> Edward E. Ziots
> Network Engineer
> Lifespan Organization
> MCSE,MCSA,MCP,Security+,Network+,CCA
> Phone: 401-639-3505
>
> ________________________________
>
> From: Jon Harris [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 12, 2008 11:26 AM
> To: NT System Admin Issues
> Subject: Re: Hippa Compliance Checklist