I needed medical records from a patient's recent hospital admission for continuity of care purposes. I recieved the records today but they were sent not by the hospital itself, which is 3 miles from my office, but from a 3rd party operation located in North Carolina, approximately 800 miles away.
IOD, Inc.
Crazy, right? Why can't the hospital just send me the records when I request them?
Well the answer is that due to the complexity of federal privacy laws, the hospital has decided to outsource the management of the release of health information. The hospital pays this company and the company assumes the liability associated with a violation of HIPAA. Other than slight inconvenience to me, patient privacy is assured, the law is followed to the letter, and some entreprenurial person makes money. Win, win, win.
What can this teach us? For one thing, you can view regulatory change as a pain in the rear or as an opportunity for improvement or even new business.
Since the business and regulatory world are always changing, I recommend that you embrace the change and and use to your advantage.