Developers and HIPAA

Providers feed PHI to your system, does this mean you are a BA?

You have an app to manage chronic care that is primarily driven by the patient and requires patient persmission to share any data, but where providers can enter some data, such as messages, or some information related to the patient's medication.

The system is offered independently from a covered entity.

Just because providers enter some PHI in the system, are you seen as a BA covered, or you are not a BA as long as you are not acting on behalf of the covered entity?

A secondary question to clarify:

Does it matter what use the providers give to the data (e.g. if they use it to monitor the patient, share it with the health plan, etc), or all it matters is whether you are acting for a covered entity or not?


Tags (If you have a multi-word tag, add a hyphen (-) between the words.)

Who are your customers? Check all that apply : Other

What is your organization? : Developer of Mhealth apps (not mobile medical apps), Small company


1 vote
1 up votes
0 down votes
Question No. 67