“Dr. HIPAA” at the National HIPAA Summit
William R. Braithwaite, MD, PhD, also know affectionately as ”Doctor HIPAA”, was among the featured speakers at the recent Fifth National HIPAA Summit in San Francisco.
Dr. Braithwaite was formerly a senior advisor for HHS health information policy and is now chief medical officer for Anakam Identity Services at Equifax. He is the author of the Administrative Simplification subtitle of HIPAA and a major contributor to subsequent regulations setting federal standards.
He shared the following reflections and advice:
- Don’t surprise the patient. “So here’s my four-word version of the Privacy Rule-all 365 pages and more, boiled down into four words,” he said. Ensure privacy and security by design. “Build it into your infrastructure so the patient knows what’s going on with the information you hold,” he said.
- Find and manage risk in reasonable and appropriate ways. The words “reasonable and appropriate” appear on nearly every page of the HIPAA Privacy and Security Rules, said Braithwaite. Yet, the HIPAA rules don’t define it, and this is something organizations must interpret for themselves. “But, interpret it with common sense and understanding of the healthcare environment you’re in,” he said. “Find and manage the risks that are there.”
- People are fallible, as are the systems they build. As a result, organizations must plan for failure, said Braithwaite. “Design your systems to fail,” he said. “Don’t think, ‘Oh, it’s not going to’ or ‘if it fails.’ It’s when it fails. Design it that way from the beginning,” he said.
Read more advice from “Doctor HIPAA” in the November issue of Briefings on HIPAA.
Recommended For You
As consumers become more accustomed to interacting with their service providers via mobile and online channels, security becomes a top concern for telecom, […]
Equifax VP of Healthcare Strategy and Business Development, Michael Nelson, was recently quoted in Journal of the American Health Information Management Association (AHIMA), […]
On February 9, 2016, the President implemented the Cybersecurity National Action Plan (CNAP) designed “to enhance cybersecurity awareness and protections, protect […]
On December 18, President Obama signed legislation to encourage businesses to share cyberthreat information with the federal government. The Cybersecurity Information Sharing […]