OSHA is similar to HIPAA in that its big and daunting and there are a lot of ways to screw it up. The big difference is that OSHA is pretty straight forward with certain things — if you put equipment in the autoclave at a certain temperature for a certain amount of time and you follow all the rules, it will be sterilized. HIPAA on the other hand, is the exact opposite. If you do all the things according to plan, you could still have a breach because we are talking about security and digital data and identities. These are a constantly changing target.
That’s why I specialize in HIPAA and not OSHA. We enjoy cybersecurity (most days) and feel a tremendous amount of pride in knowing practices that work with ACS are safer than most of their friends and colleagues.