One of the problems that Peter (Chief Privacy Attorney for Google) describes in this post has to do with the confusing (or unknown) "context" in which these various compliance regulations operate. Context is also incredibly important if you are only dealing with one compliance initiative such as HITECH/HIPAA. Part of the reason is that these programs are most descriptive and not prescriptive. The statute and regulations (mostly the latter) tell you the what and not the how. This is by design. However, the opposite is true for practitioner, what they are really interested in is the how. And, as Peter points out, there is no one size fits all compliance program in existence.
compliance program in existence
...that is why the "just tell me how"
question is so difficult to answer...
Looking for best of breed HIPAA Training?
To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.