Campaign: Developers and HIPAA

Help with business associate agreements

There is a lack of transparency around the content of Business Associate Agreements (BAAs), a lack of sample BAA language around the topics developers care about, such as cloud storage & PGHD, and a lack of bargaining power on the part of startups. This has led to many challenges for the industry, resulting in high legal fees which may be a barrier to entry for many companies. HHS should issue sample BAA language around ...more »

Submitted by

Who are your customers? Check all that apply : General Public

What is your organization? : Government

Voting

5 votes
5 up votes
0 down votes
Answered Questions

Campaign: Developers and HIPAA

EHR software partners uses third party API

Our EHR solution is partnering with another health related software company with a cloud based API product to provide additional solutions for providers. This is a seamless connection. Some PHI would be stored on the API cloud based system while our EHR would also store PHI either on the client server or the cloud. I have several questions. I am assuming that the business associate between our clients/providers ...more »

Submitted by

Who are your customers? Check all that apply : Health plans or health care providers

What is your organization? : Your products send, receive, and/or view data/information to/from an EHR or related platform, EHR vendor, Cloud service provider

Voting

3 votes
3 up votes
0 down votes

Campaign: Developers and HIPAA

Connected Device Maintenance via App

A physician provides their patient with a medical device (like a CPAP or Glucose Meter). The company that created the medical device wants to monitor the maintenance of the machine. All of the information collected by the device that is sent to the physician is covered under a business associate agreement. Can the company that created the medical device receive information about the maintenance/operation of the device ...more »

Submitted by

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Other, General Public, Patients/Individuals/Consumers

What is your organization? : Small company, Trade association

Voting

3 votes
3 up votes
0 down votes

Campaign: Developers and HIPAA

Unencrypted PHI in the Cloud

From Kevin Wiggins, Saul Ewing: If a CE puts PHI on the Cloud and later terminates that Cloud as a service provider, there is inevitably some data remanence, thus leaving PHI on the Cloud. NIST Special Publication 800-80 addresses this by suggesting CEs use crypto-erase. What if the CE previously sent unencrypted PHI to the Cloud? Is it as simple as extending the protections of the contract to the information and ...more »

Submitted by

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Health plans or health care providers

What is your organization? : Attorney/other compliance consultant

Voting

1 vote
1 up votes
0 down votes
Answered Questions

Campaign: Developers and HIPAA

BAAs with Vendors and Providers

If a company has a business associate agreement (BAA) with an electronic medical record (EMR) vendor, does that company also have to sign a BAA with each health care provider or provider group using that EMR in addition to their existing BAA with the vendor?

Submitted by

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Other, General Public, Patients/Individuals/Consumers

What is your organization? : Small company, Trade association

Voting

1 vote
1 up votes
0 down votes