Chapter 7: Justification

7.1 INTRODUCTION

It's easy to dismiss this chapter by saying that justification is a simple matter. After all, HIPAA is the law, right? Well it's not that easy. HIPAA is the law, but there is a lot of room for interpretation. Does a small private practice clinic need retinal scans to enter the building with an armed security guard by all PHI points of access and continuously monitored video surveillance? HIPAA certainly does not suggest this to be the case. Additionally, not all organizations affected by HIPAA are covered entities, but they might decide to comply with certain portions of the regulation in order to provide the necessary services to their clients , who are. Just exactly where the line should be drawn is the heart of the discussion for this book. This chapter, however, is designed to equip you with tools to justify the inevitable cost that HIPAA mandates to improve your security infrastructure. Please keep in mind that every corporate culture is different and the approach that should be taken, based upon the political climate of your organization, may vary. Pick and choose the tools from this chapter that work best for your environment in order to achieve the desired goal of financing your security implementation.

The following two chapters go into more detail on the project plans and budgeting than is presented in this chapter. This section focuses specifically on the issues to address for the specific purpose of improving your chances of approval.