Corporate Compliance

"Dr. HIPAA" dispenses more advice

Compliance Monitor, November 16, 2011

Editor’s note: The following article is adapted from an article in the November 2011 Briefings on HIPAA.

“Doctor HIPAA”—also known as William R. Braithwaite, MD, PhD—was among the featured speakers at the recent Fifth National HIPAA Summit in San Francisco.

Braithwaite, former HHS health information policy senior advisor and current chief medical officer at Anakam Identity Services, a division of Equifax, is the author of the Administrative Simplification subtitle of HIPAA and a major contributor to subsequent regulations setting federal standards.

"It's gotten too complicated. We've lost the track. We've lost the emphasis on what it's all about," Braithwaite told the audience.

He shared the following reflections and advice:

  • Don't surprise the patient. "So here's my four-word version of the Privacy Rule, all 365 pages and more, boiled down into four words," he said. Ensure privacy and security by design. "Build it into your infrastructure so the patient knows what's going on with the information you hold," he said.
  • Find and manage risk in reasonable and appropriate ways. The words "reasonable and appropriate" appear on nearly every page of the HIPAA Privacy and Security Rules, said Braithwaite. Yet the HIPAA rules don't define the phrase, so organizations must interpret it for themselves. "But, interpret it with common sense and understanding of the healthcare environment you're in," he said. "Find and manage the risks that are there."
  • People are fallible, as are the systems they build. As a result, organizations must plan for failure, said Braithwaite. "Design your systems to fail," he said. "Don't think, 'Oh, it's not going to' or 'if it fails.' It's when it fails. Design it that way from the beginning."

Read more advice from “Doctor HIPAA” in the November issue of Briefings on HIPAA.
