Developers and HIPAA

Connected Device Maintenance via App

A physician provides their patient with a medical device (like a CPAP or Glucose Meter). The company that created the medical device wants to monitor the maintenance of the machine. All of the information collected by the device that is sent to the physician is covered under a business associate agreement. Can the company that created the medical device receive information about the maintenance/operation of the device... more »

Voting

5 votes
5 up votes
0 down votes

Developers and HIPAA

Is a state-run MMJ registry a covered entity?

Is a state-run medical marijuana patient registry a covered entity? The Florida registry includes identifiable patient personal information and MMJ "prescription" information that is passed from the physician, to the DOH, to dispensing retail locations. Any physician, law enforcement officer, or retail location employee can find and view any patient's information. Here is the Florida physician user manual: http://www.flhealthsource.gov/ommu/forms/registry-user-guide-physician.pdf... more »

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Push Notifications

We have a communication platform where providers, patients, family members can connect and communicate securely. The patient can set their own preferences around how they receive notifications about types of messages, and from whom in the app. We would like to send the patient a push notification so they are aware there is a new message in the app. We can send a push notification that says" There is a new message in the... more »

Voting

4 votes
4 up votes
0 down votes

Developers and HIPAA

Providers feed PHI to your system, does this mean you are a BA?

You have an app to manage chronic care that is primarily driven by the patient and requires patient persmission to share any data, but where providers can enter some data, such as messages, or some information related to the patient's medication. The system is offered independently from a covered entity. Just because providers enter some PHI in the system, are you seen as a BA covered, or you are not a BA as long as... more »

Voting

4 votes
4 up votes
0 down votes

Developers and HIPAA

App Customization

A consumer focused app receives a request from one of its users, a hospital, for a customization of the product. The customization is created in response to the user request and treated the same as other requests. The app developer then makes it available to their entire user base, not just the requester, and no fee is paid. Does this make the app developer a business associate of the covered entity?

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Developers have full access to production phi at all times.

We are a small company but have our software in over 100 large hospitals. Our developers have full read-write access to all data in the production environment from the day they start (all environments actually). We also have un-encrypted / un-scrambled data in our stage and our certification environments. Each developer has 2 domain accounts, both have full read-write access to all data, an administrative account allows... more »

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Data Recording

I am a student creating an app for school project. I was wondering if I have to be HIPAA compliant. I am creating an app, where diabetics can store their glucose and calculate insulin dosage. None of the information will be sent to hospitals or physicians. How would HIPAA work in this case? Thank you ahead.

Voting

3 votes
3 up votes
0 down votes

Developers and HIPAA

Hospital Outpatient Pharmacy Notice of Privacy Practices

If a patient acknowledges receipt of a Notice of Privacy Practices when admitted to a Hospital, does the Hospital-owned outpatient pharmacy using the same electronic software have to provide a second Notice and obtain patient acknowledgement again? Can the original notice cover all outpatient departments under Hospital ownership?

Voting

3 votes
3 up votes
0 down votes

Developers and HIPAA

Doe’s remote access Healthcare provider requires HIPPA complianc

We provide support to healthcare provider while accessing server and clients.

The healthcare server DB stores ePHI (Only medical record number).

As part of our support we are potentially exposed to the mentioned ePHI.

We do not extract ePHI nor download locally.

The question is:

Do we need to be HIPPA compliant?

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Could a covered entity ever create a non-covered mobile app?

If a health care provider who is a covered entity were to create a general fitness/wellness app and silo off any collected data from their covered operations, could it be a valid hybrid entity? For instance, if a hospital creates a free meditation app but does not prescribe it as treatment, nor convey any data the app ingests back to medical professionals or EMRs, must the app still be HIPAA compliant? What are the criteria... more »

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

How granular should logs be in saving access-to-PHI events?

As a software developer in the role of business associate I have read about what needs to be captured and stored by software that handles PHI for a covered entity. To be a good vendor, we want to provide our customer the requisite log data about user credentialing (adds, permissions, changes, disables, deletes), and about PHI activity within our software product. We currently log all changes to PHI made by our product.... more »

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

How to handle old emails

I'm a web designer and have a client who has recently become hipaa compliant concerning his handling of email. He needed me to search his old emails from about 6 years ago for a certain file. Though he no longer uses that email address, the emails were still in webhosts database, and they were never hipaa compliant. He was wondering if he should just delete those old emails, since they are not hipaa compliant we thought... more »

Voting

2 votes
2 up votes
0 down votes