Campaign: Developers and HIPAA

HIPAA Compliant Forms

I am in the process of working with a hospital that is using a marketing software product to integrate forms into a new website project. We have recently got into the discussion regarding HIPAA compliance. It turns out the product's forms are not HIPAA compliant. With that being said, the information being captured by these forms on the site is not intended to be capturing medical information. The purpose of these forms ...more »

Who are your customers? Check all that apply : General Public, Patients/Individuals/Consumers

What is your organization? : Small company

Voting

3 votes
3 up votes
0 down votes

Campaign: Developers and HIPAA

HIPAA Training

Employees of a Business Associate must be trained on the basics of HIPAA. Startups and emerging companies want to ensure that the training their employees receive meets the standards expected by OCR. Similar to the practices of OSHA, can OCR provide a standardized training program on key HIPAA issues?

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Other, General Public, Patients/Individuals/Consumers

What is your organization? : Small company, Trade association

Voting

3 votes
3 up votes
0 down votes
Answered Questions

Campaign: Developers and HIPAA

Risk Assessment Tool

Small companies and Business Associates are eager to meet their security requirements under HIPAA. Many smaller B.A.s have stated that they are unable to use the current security risk assessment tool because they believe it is needlessly cumbersome, redundant, and designed for Covered Entities. Do you recommend that Business Associates start to use private tools instead of the current tool for risk assessments? If so, ...more »

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Other, General Public, Patients/Individuals/Consumers

What is your organization? : Small company, Trade association

Voting

3 votes
3 up votes
0 down votes
Answered Questions

Campaign: Developers and HIPAA

PHI Data on Offline Devices

Remote devices may not have access to the internet at all times and therefore may be operating offline. Data must be stored on the devices until connectivity is restored. What is the protocol for PHI data storage on offline mobile devices?

Who are your customers? Check all that apply : Health plans or health care providers

What is your organization? : Small company, Your products send, receive, and/or view data/information to/from an EHR or related platform, Software developer not specific to health care

Voting

3 votes
3 up votes
0 down votes

Campaign: Developers and HIPAA

EHR software partners uses third party API

Our EHR solution is partnering with another health related software company with a cloud based API product to provide additional solutions for providers. This is a seamless connection. Some PHI would be stored on the API cloud based system while our EHR would also store PHI either on the client server or the cloud. I have several questions. I am assuming that the business associate between our clients/providers ...more »

Who are your customers? Check all that apply : Health plans or health care providers

What is your organization? : Your products send, receive, and/or view data/information to/from an EHR or related platform, EHR vendor, Cloud service provider

Voting

3 votes
3 up votes
0 down votes

Campaign: Developers and HIPAA

Sale of Data Collected by a Consumer Targeted App

We are not a covered entity or business associate. We are developing a direct-to-consumer app that tracks medication adherence. We want to de-identify the information the app collects to sell to third parties. Do we follow the same HIPAA de-identification processes that a covered entity or business associate would follow?

Who are your customers? Check all that apply : General Public, Patients/Individuals/Consumers

What is your organization? : Small company, Software developer not specific to health care

Voting

3 votes
3 up votes
0 down votes
Answered Questions

Campaign: Developers and HIPAA

HIPAA E-Signature Requirements

We are a small organization starting up a tele-health initiative. We would like to deliver a copy of our Notice of Privacy Practices electronically and have patients acknowledge receipt via check box prior to completing our online intake forms. This method is used for acceptance when one downloads software online. We are having a difficult time understanding the requirements for this. Can it be a check box and/or typed ...more »

Who are your customers? Check all that apply : Patients/Individuals/Consumers

What is your organization? : Health care provider or health plan, Small company, Not for profit

Voting

3 votes
3 up votes
0 down votes
Answered Questions

Campaign: Developers and HIPAA

Chat requirements

Are there any specific requirements that we should keep in mind when putting together a solution to provide PHI to a customer via a chat channel? Would it even be feasible? Assuming the customer is identified (previously registered or asked to provide DOB or some personal information).

Thanks

Who are your customers? Check all that apply : Patients/Individuals/Consumers

What is your organization? : Developer working on homegrown apps within a health care setting

Voting

3 votes
3 up votes
0 down votes

Campaign: Developers and HIPAA

Is a BAA required with SMS service

If my provider is communicating PHI and non-PHI with patients through a 3rd party SMS service, such as Twilio, would my provider be required to sign a BAA with an SMS service company or such a company be classified as a conduit? We are sending encrypted data to the SMS service which is then sending unencrypted SMSs to patients. Patients can then potentially respond to those SMSs via unencrypted SMS which would be directed ...more »

Who are your customers? Check all that apply : Patients/Individuals/Consumers

What is your organization? : Health care provider or health plan, Not for profit

Voting

3 votes
3 up votes
0 down votes

Campaign: Developers and HIPAA

Connected Device Maintenance via App

A physician provides their patient with a medical device (like a CPAP or Glucose Meter). The company that created the medical device wants to monitor the maintenance of the machine. All of the information collected by the device that is sent to the physician is covered under a business associate agreement. Can the company that created the medical device receive information about the maintenance/operation of the device ...more »

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Other, General Public, Patients/Individuals/Consumers

What is your organization? : Small company, Trade association

Voting

3 votes
3 up votes
0 down votes

Campaign: Developers and HIPAA

Teaching Hospitals and HIPAA Privacy

I work for a University medical school that employs physicians as faculty and who teach at the hospital. I would like to know more about how far the ability to access patients' records for educational purposes reaches. For example, if a Radiologist faculty member treated several patients with interesting or notable conditions and wanted to use the films as a teaching guide for residents, then what guidance or protocols ...more »

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), General Public, Health plans or health care providers, Patients/Individuals/Consumers

What is your organization? : Health care provider or health plan, Not for profit, Attorney/other compliance consultant

Voting

2 votes
2 up votes
0 down votes
Answered Questions

Campaign: Developers and HIPAA

Developer and HIPAA

Assume you have a software company that will be using a smartphone application and related device to record and store arguably protected health information. 1. Assume the software company stores the information on its own servers. The company is not subject to HIPAA (privacy or security rules) because it isn't a covered entity or a business associate of a covered entity, correct? 2. Now assume that the software ...more »

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Other, General Public, Patients/Individuals/Consumers

What is your organization? : Attorney/other compliance consultant

Voting

2 votes
2 up votes
0 down votes
Answered Questions