Developers and HIPAA

Text messaging and HIPAA

There is currently a lack of clarity about whether patient consent to communicate via (unencrypted) SMS is adequate to protect covered entities from HIPAA concerns. HHS (and medical research) has released data supported use of non-encrypted SMS, given its high accessibility to patients and its efficacy in achieving behavior change (e.g. medication compliance, smoking cessation). Many covered entitites feel that this ...more »

Submitted by
15 comments

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), General Public, Health plans or health care providers, Patients/Individuals/Consumers

What is your organization? : Health care provider or health plan, Not for profit, Developer working on homegrown apps within a health care setting

Voting

20 votes
20 up votes
0 down votes

Developers and HIPAA

PHI request through SMS from provider

I understand there is some ambiguity regarding providers communicating PHI with patients, and I'm having some trouble interpreting how it applies to me. My provider developed software to engage patients via unencrypted SMS. My provider's medical practitioners will determine a patient is in need of monitoring and will develop or reuse a workflows to regularly request defined PHI from patients--such as diastolic and systolic ...more »

Submitted by
4 comments

Who are your customers? Check all that apply : Patients/Individuals/Consumers

What is your organization? : Health care provider or health plan, Not for profit

Voting

9 votes
9 up votes
0 down votes

Developers and HIPAA

HIPAA Compliant Forms

I am in the process of working with a hospital that is using a marketing software product to integrate forms into a new website project. We have recently got into the discussion regarding HIPAA compliance. It turns out the product's forms are not HIPAA compliant. With that being said the information being captured by these forms on the site are not intended to be capturing medical information. The purpose of these forms ...more »

Submitted by
3 comments

Who are your customers? Check all that apply : General Public, Patients/Individuals/Consumers

What is your organization? : Small company

Voting

4 votes
4 up votes
0 down votes

Developers and HIPAA

EHR Continuity in Care

Private Practice Physicians have the opportunity by contracting with a large health care entity to get into electronic health records EHR. In wanting to satisfy the continuum of care one practice can see any treatment provided by another provider for their patient. They can access diagnostics within the health care entities network. All good things! My concern, though users sign off on a confidentiality agreement ...more »

Submitted by
3 comments

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Other, Health plans or health care providers

What is your organization? : Small company, Attorney/other compliance consultant

Voting

3 votes
3 up votes
0 down votes

Developers and HIPAA

Is a BAA required with SMS service

If my provider is communicating PHI and non-PHI with patients through a 3rd party SMS service, such as Twilio, would my provider be required to sign a BAA with an SMS service company or such a company be classified as a conduit? We are sending encrypted data to the SMS service which is then sending unencrypted SMSs to patients. Patients can then potentially respond to those SMSs via unencrypted SMS which would be directed ...more »

Submitted by
1 comment

Who are your customers? Check all that apply : Patients/Individuals/Consumers

What is your organization? : Health care provider or health plan, Not for profit

Voting

5 votes
5 up votes
0 down votes

Developers and HIPAA

Does HIPAA extend to untethered PHRs?

A software company (e.g. a startup) develops an untethered PHR that is offered directly to the patient (consumer). The patient then authorizes PHR to "request" and "pull" (on behalf of patient) all records from all portals offered by healthcare provider EHRs (e.g. by Epic (MyChart), Cerner,...etc). The PHR gets access to all portals using logon credentials provided by the patient (e.g. patient provides all usernames and ...more »

Submitted by
2 comments

Who are your customers? Check all that apply : Patients/Individuals/Consumers

What is your organization? : Your products send, receive, and/or view data/information to/from an EHR or related platform

Voting

3 votes
3 up votes
0 down votes

Developers and HIPAA

Cloud Security

What are the suggested encryption protocols that one should implement in order to fulfill the 164.312(a)(2)(iv)

 

Have you implemented a mechanism to encrypt and decrypt EPHI?

Submitted by
1 comment

Who are your customers? Check all that apply : Health plans or health care providers

What is your organization? : Developer working on homegrown apps within a health care setting

Voting

5 votes
5 up votes
0 down votes

Developers and HIPAA

Chat requirements

Are there any specific requirements that we should keep in mind when putting together a solution to provide PHI to a customer via a chat channel? Would it even be feasible? Assuming customer is identified (previously registered or asked to provide dob or some personal information

 

Thanks

Submitted by
1 comment

Who are your customers? Check all that apply : Patients/Individuals/Consumers

What is your organization? : Developer working on homegrown apps within a health care setting

Voting

4 votes
4 up votes
0 down votes

Developers and HIPAA

EHR software partners uses third party API

Our EHR solution is partnering with another health related software company with a cloud based API product to provide additional solutions for providers. This is a seamless connection. Some PHI would be stored on the API cloud based system while our EHR would also store PHI either on the client server or the cloud. I have several questions. I am assuming that the business associate between our clients/providers ...more »

Submitted by
1 comment

Who are your customers? Check all that apply : Health plans or health care providers

What is your organization? : Your products send, receive, and/or view data/information to/from an EHR or related platform, EHR vendor, Cloud service provider

Voting

4 votes
4 up votes
0 down votes

Developers and HIPAA

PHI Data on Offline Devices

Remote devices may not have access to the internet at all times and therefore may be operating offline. Data must be stored on the devices until connectivity is restored. What is the protocol for PHI data storage on offline mobile devices?

Submitted by
1 comment

Who are your customers? Check all that apply : Health plans or health care providers

What is your organization? : Small company, Your products send, receive, and/or view data/information to/from an EHR or related platform, Software developer not specific to health care

Voting

4 votes
4 up votes
0 down votes

Developers and HIPAA

How should developers execute audit logging?

Right now, developers expend a lot of time and resources (including the cost of data storage) on audit logging but don’t have assurance that they are in compliance. Could HHS provide an open source library of code to help developers understand how to execute audit logging.

Submitted by
1 comment

Who are your customers? Check all that apply : General Public

What is your organization? : Government

Voting

4 votes
5 up votes
1 down votes

Developers and HIPAA

What does "on behalf of a covered entity mean"

What triggers acting "on behalf of a covered entity", A, or B, or other? A. A covered entity uses your app (you are not paid or have signed a BA; they just go online and use it). B. Getting hired by them. We have an app that patients and providers use for chronic disease management. Does not integrate with EHR. Patients enter their progress and providers review it and can message back and forth. We think we are not ...more »

Submitted by
1 comment

Who are your customers? Check all that apply : Other

What is your organization? : Developer of Mhealth apps (not mobile medical apps), Small company

Voting

2 votes
2 up votes
0 down votes