Problem solve Get help with specific problems with your technologies, process and projects.

When to seek legal consultation for HIPAA

Is it reasonable to think that a private medical practice with a total of 18 employees can meet all the requirements of HIPAA without hiring expensive outside consultants? At what point (if any) should we have legal consultation. Thank you!
Given the right tools, a fair amount of time and the budget to make it happen, I certainly believe it is reasonable to accomplish this internally. Keep in mind that not *all* outside consultants are expensive. You should be able to find some in your area that can do the work for a reasonable fixed cost so you don't have to worry about it getting out of control financially. Long term, given employee training, books and other tools that you will end up needing to purchase, not to mention pulling employees away from what they normally do on a full-time basis, it could very well be cheaper to outsource. At a minimum, you should consider getting legal counsel to review your HIPAA-mandated privacy and security policies to ensure they are reasonable and enforceable.

For more information on this topic, visit these other SearchSecurity.com resources:
Featured Topic: HIPAA update
Commentary: HIPAA compliance doesn't come in a box
Best Web Links: Securing Health Care/Health Services

This was last published in December 2002

Dig Deeper on HIPAA

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.