Campaign: Developers and HIPAA

EHR software partners uses third party API

Our EHR solution is partnering with another health-related software company with a cloud-based API product to provide additional solutions for providers. This is a seamless connection. Some PHI would be stored on the API cloud-based system while our EHR would also store PHI either on the client server or the cloud.

I have several questions.

I am assuming that the business associate between our clients/providers and our company makes our company responsible for the third party's privacy and security of the data. Is that correct?

If the third-party solution is maintaining HIPAA logging and our solution is also maintaining HIPAA logging, and the client is asking for PHI-related information, would that require our company to coordinate requested information from both systems back to the client? Or does this now require a separate business associate agreement between our clients and the third party?

Who are your customers? Check all that apply : Health plans or health care providers

What is your organization? : Your products send, receive, and/or view data/information to/from an EHR or related platform, EHR vendor, Cloud service provider

Voting

3 votes
3 up votes
0 down votes
Question No. 30