Wasnt HIPAA not intended for security or privacy when it was originally developed? Merely as a standardized approach so various vendors could integrate easier. I could be mis-remembering this though.
Yes, that’s accurate. It is not prescriptive at all, but it does contain broad data security requirements. These are really the only legally mandated security requirements in healthcare. That said, HIPAA is more about establishing a legal and contractual framework for sharing data between providers and insurers and different providers.