I'm working on an app for a therapist to send a list of exercises to their patient's mobile device from their desktop for the patient to perform at home. The therapist can view if the patient is checking off their exercises and reporting thier completion each day. No information is being transmitted in regards to the patient's diagnosis or condition, only the list of exercises to be performed at home and the patient's completion of each exercise. Identifying information of the patient is restricted to the therapist's computer which connects to the unique identifier we use to determine what user to send the exercises to. The app is very simple right now, and I believe there is minimal risk to the consumer, but reading through the HIPAA guidelines is intimidating and I really don't know what I do and don't need to do. What steps do I have to take to adequately follow HIPAA compliance and to get this app into the hands of therapists for feedback? If we just wanted to try it out with a couple local therapists and their patients just for testing purposes, are there different steps we could take?
Question No. 75