Developers and HIPAA


The introduction of FHIR to the 2015 CEHRT has opened the door for third-party applications to receive patient health information directly from an EHR without an agreement in place with the health care provider or the EHR vendor. Even though the patient has selected it, shouldn't the third-party app be responsible for the protection of the patient's health information and be held to the same standards as the EHR vendor?

Also, I understand that the third-party application is responsible under the Health Breach Notification Rule (FTC), but will the health care provider be subject to the fine even though it was the third-party app that was breached?

