Why your Firewall isn't 'HIPAA Compliant'


As we've mentioned in previous articles, there are tons of misconceptions out there about what it means to be 'HIPAA Compliant'. In fact, the main reason we publish this blog is to help our clients understand more about what they really need to focus on and what they are 'missing' in the grand scope of HIPAA Security Compliance.

I don't want to sound redundant with this post, but recently I've run into a couple of vendors who told me they were selling 'HIPAA Compliant firewalls that will make your clients HIPAA Ready'. Now, many of you know exactly what's wrong with that statement. But for those of you who don't, let me explain. HIPAA Compliance has very little to do with the actual hardware in your network. To be honest, a $500 firewall will likely be just as 'compliant' as a $5000 one (in terms of HIPAA's requirements).

The problem is that many vendors sell their products as 'HIPAA Compliant', and many salespeople don't understand what that means. A piece of hardware sold as 'HIPAA Compliant' simply means that the hardware CAN do the job needed to help you with your compliance. But contrary to what the salesperson might tell you, no piece of hardware will MAKE you compliant.

As we've discussed (see 4 Reasons Why You May Be Missing the Point with HIPAA Security), HIPAA Security Compliance is a process that you'll never complete. It requires decisions, documentation and then implementation of the policies that YOU decide on. So, yes, you may have the best firewall on the market, but if that firewall is not configured to match your documented policies, you're no more 'HIPAA Compliant' than if you'd done nothing at all!

Understand what 'HIPAA Compliant' hardware and equipment is. It just means that it is CAPABLE of doing what you need it to do to help with your compliance. But without your decisions on policies and the documentation to back them up, it's no better than any other hardware that's out there. If you don't understand anything else about HIPAA Security Compliance, know this!

So the next time you're at a trade show and a vendor talks to you about how their hardware/software/whatever can make you 'HIPAA Compliant', you can snicker a little and then educate them on why that's not the case.
Stay with us! We want to help dispel the myths! Check out our blog (updated at least twice a week). Follow us on Facebook/LinkedIn/Twitter for more updates like these!

Jeff Franks is the co-founder of Skysail Software, makers of affordable HIPAA Security Rule compliance management software solutions. HIPAA FLIGHTPLAN provides centralized documentation of your HIPAA Security Rule compliance program. HIPAA TIPS delivers Security Awareness training to your entire staff, every month, without impacting your daily operations.