The following is a paraphrased version of the introduction to the HIPAA Survival Guide (HSG):
This Survival Guide attempts a "forest from the trees" overview of the HIPAA Privacy and Security rules. The genesis of these rules is covered in the Background section of this document. The HSG only targets a subset of covered entities, namely providers. Furthermore, the guide focuses mostly on small providers, since this group will clearly be the most challenged by new laws and regulations, especially if their baseline understanding of HIPAA is lacking.
After writing the guide, we decided to launch an online version of the PDF to make it more accessible to the wider community. The online version has indeed received a fair amount of traction as a reference tool, and we continue to use it ourselves for this very reason. Recently, the full text of the HITECH Act was added online (i.e., we extracted the HITECH Act out of the 407-page ARRA PDF), so now you can point and click to a relevant section of the statute and read the primary authority as it is written, as opposed to relying on someone else's interpretation.
That is not to say that interpretations are not important. The language of the HITECH Act and the HIPAA Privacy and Security Rules is dense and confusing, even for lawyers who read this sort of thing for a living. But at the end of the day, the wider community is better served by acquiring at least a minimal level of literacy with respect to the controlling legal authority itself. In short, we believe that better legally educated clients add significant value to the compliance process.
The next release of the online version will contain not only our paraphrased interpretation of the HIPAA Privacy and Security Rules but the full text as well. In every place that a section of the Rules refers to another section (which happens often) you will be able to easily navigate to the referenced section. In short, since compliance with HIPAA's Privacy and Security Rules is now part of HHS' definition of meaningful use, it will be important for a larger number of stakeholders to understand their ramifications, especially since a provider or facility may not get paid their EHR incentives if they are found to be non-HIPAA compliant.
In general, the HITECH Act totally transforms the HIPAA regulatory landscape with respect to privacy and security, changing it from a paper tiger into an electronic beast. To cope effectively with this beast, better tools need to be made available. We believe that the HSG is a step in the right direction. We will continue to add to the guide as we find relevant, high-quality, and authoritative resources online that may be of use to you. Eventually, the full text of all parts of 45 CFR will be made available on the HSG site, not just the regulations that pertain to the HIPAA Privacy and Security Rules (i.e., similar to how the HITECH Act full text is available today).
The focus of the guide will remain on providing tools and resources that help you better understand the compliance challenges introduced by the HITECH Act, and the challenges created by the transformational changes that the healthcare industry is undergoing. We believe that the convergence of public policy, law and enabling technologies will continue to blur the boundaries of each. The guide will focus on issues that arise precisely as a result of this convergence.