I have mobile application for tracking physician compensation, and I'm not sure if it contains data points separately or together which would be considered PHI under HIPAA. The application is designed to help a physicians track procedures they perform. This app helps doctors keep tabs on their case log. The information collected is date of case, age of patient (but range, i.e age 1-5), date billing was submitted, diagnoses and its code, procedure and it's code, and collection of doctors email addresses, who are the users of this app, for authentication purposes. I know this app is not considered a covered entity under HIPAA, but that the physicians (customers of the app) are covered entity and required to abide by HIPAA (therefore making us a Business Associate?). Any assistance is greatly appreciated.
Question No. 103