> The reality is, dealing with the FDA side of things was about 15000 times more complicated for us than HIPAA compliance.
[...]
> The regulatory affairs people at most medical companies are FDA compliance experts that know how to comply with HIPAA, rather than HIPAA experts that some how penetrate the FDA requirements.
Well, yeah, the Health Insurance Portability and Accountability Act of 1996 is centrally a law regulating insurance provision whose rules and regulations most significantly impact payers; the parts impacting providers (while there is some compliance effort required, particularly regarding privacy and security) were actually designed to reduce the burden on providers; the privacy/security elements of HIPAA were included to mollify fears about the incentivizing and standardization of electronic billing transactions, they aren't the central focus of HIPAA though they are the part that (now that the “number of the beast” fearmongering has faded) remains in the public consciousness.
EDIT: And even then, the HIPAA privacy rules aren't all that simple; if you want simple privacy rules, the rules for privacy of federally-funded drug and alcohol treatment patient data are much simpler, and also stronger privacy protections.
[...]
> The regulatory affairs people at most medical companies are FDA compliance experts that know how to comply with HIPAA, rather than HIPAA experts that some how penetrate the FDA requirements.
Well, yeah, the Health Insurance Portability and Accountability Act of 1996 is centrally a law regulating insurance provision whose rules and regulations most significantly impact payers; the parts impacting providers (while there is some compliance effort required, particularly regarding privacy and security) were actually designed to reduce the burden on providers; the privacy/security elements of HIPAA were included to mollify fears about the incentivizing and standardization of electronic billing transactions, they aren't the central focus of HIPAA though they are the part that (now that the “number of the beast” fearmongering has faded) remains in the public consciousness.
EDIT: And even then, the HIPAA privacy rules aren't all that simple; if you want simple privacy rules, the rules for privacy of federally-funded drug and alcohol treatment patient data are much simpler, and also stronger privacy protections.