If I'm allowed to override with a tangent:
What's the best place to start reading on HIPAA for non Americans? We're starting up a healthcare services co (applied YC this batch!!) where we might potentially have to be covered under HIPAA. But there's also a possibility depending on how we structure our operations that we can possible avoid it altogether.
I can dive deep into the actual regulations later if we know we have to comply. Right now I need to kinda figure out the lay of the land. Where other services like Aptible or Catalyze fit in the ecosystem.
Like {X} is the problem, {Y} is the regulation set and {Z} is the way to comply/resolve it.
HIPAA is a very large, encompassing bill that provides numerous protections for patients. In particular, it provides the necessary legal requirements preventing healthcare providers from disclosing personally identifiable information - typically, things like SSN, name + date of birth, name + zipcode, etc. Anything that could possibly be used by someone to identify who the patient is should not be discloses. HIPAA also lists some technology requirements, but if memory serves me correctly, it only goes so far as to say "industry-standard practices". There's also numerous parts of HIPAA that pertain to billing and insurance, but I don't do billing so I can't speak too much on those.
Well yes I can go read the act but at this early stage don't have that much time to spend on legalese without first understanding the contours. I'm looking for simpler explanations, case studies, blogposts of individuals/ or companies; some of which your rest of the comment provides. So thanks for that.
Would you mind sharing your email (mine is in my profile) in case I wanna bounce off a few Qns? I promise to keep it short. TIA.
I found this book helpful: The HIPAA Roadmap for Business Associates ( http://www.amazon.com/gp/product/1484067010/ref=oh_aui_searc... ). It goes through some of the basics of HIPAA, what kinds of policies you need to have and why, and includes some example policy templates similar to the ones being graciously provided in this article.
I can dive deep into the actual regulations later if we know we have to comply. Right now I need to kinda figure out the lay of the land. Where other services like Aptible or Catalyze fit in the ecosystem. Like {X} is the problem, {Y} is the regulation set and {Z} is the way to comply/resolve it.