Most people know HIPAA from the forms they have to fill out at a doctor’s office, and for most people, that’s enough. For businesses, HIPAA can be a bit more complex. If you’re working with patient information, specifically Electronic Protected Healthcare Information (ePHI), there are a number of rules a business must comply with, or it may face financial and legal penalties.
Compliance can be relatively straightforward if a business is aware of which rules apply to its organization. Of course, this is the hard part. Distilling HIPAA down into manageable components is anything but easy. I’ve spent the better part of my career helping organizations tackle compliance at scale, and it’s just as difficult in 2020 as it was in 2013.
The problem lies not in the regulations, but in the complexities surrounding how your business functions. HIPAA is not modern, and yet thousands of modern businesses must comply with HIPAA.
How Roam Helps
I’ve written about Roam briefly, but to summarize the tool, it’s note-taking for networked thought, with reference-able blocks, bi-directional links, querying, filtering, metadata support, and more. It’s the closest thing we have to re-building our brains in text.
As part of the work I’m doing for a newly funded venture I recently founded (yet to be announced), I’m transcribing HIPAA from the static PDF provided by HHS into a linked Roam database — with the intention of building APIs around specific HIPAA rules, and smartly applying those rules to Cloud and SaaS configurations for automatically generating Policies and Procedures on the fly. Here’s a short demo of the database (sorry, Substack doesn’t support Loom embeds) 👇
This is still very much a WIP, but if you’re interested in accessing this database, please reach out to me at firstname.lastname@example.org