Developers and HIPAA

Notifications

A NYS licensed facility providing addiction treatment services has been advised that when a patient has been referred for treatment by another entity (hospital, family agency, courts, etc.) notice that the patient has presented for treatment may not be given to the referring agency without the written permission of the patient. No other PHI would be provided other than the notification.

Is this true?

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Are all cookies considered identifiable?

One of our physicians requested the use of a website which requires a patient to create an account, then the physician can add medical information about that individual, so the individual can then filter an e-commerce platform to make purchases that are consistent with their medical conditions. As we would be offering the service to patients and uploading the PHI, this would fall under a business associate relationship.... more »

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Wearables provided by covered entity

I believe this question is covered in the developer guidance (page 3), but as this document is 3+ years old, I was trying to determine if further guidance is available or if anything has changed with the decisions. We provide patient monitoring services to covered entities and enter into contracts/BAA's with them. One of these physicians is interested in providing a wearable tracker to his patients - the wearable would... more »

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Provisioning access to medical applications for employees

Having a hard time finding clarity on cloning access in medical applications. This is an internal question to an organization. If I create an application for users that contains a lot of PHI, am I allowed to use cloning to give access to the users? For example, if a user is a pharmacist and another pharmacist in a different pharmacy requests access, can I give them the option on the request form to clone the other... more »

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Does my app need to be Hippa compliant?

I'm developing a calculator type app for a friend of mine who works at a skilled nursing facility. She works as a therapist and regularly needs to split the total amount of time she needs to work with her patients into multiple sessions, often switching back and forth between patients. I'm developing the app to automate the task of her writing down when she starts and ends each session with each of per patients... and... more »

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

HIPAA Compliance with third party

Hi

I am wondering regarding the need to have a BAA with suppliers that do not store medical data but have data that can lead to medical information like IAM cloud services or services for password management (LastPass or 1 password)

there is no medical information that I transfer but I store user and password to my Medical DB for instance

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

virtual job board interpreter services

Healthcare providers place requests for interpreter services on a web portal that the state agency leases from a private vendor. Interpreters then log into the web portal to fish for appointments. They can access the web portal from their computers or mobile devices and do so frequently at public places such as coffee houses, libraries, waiting rooms, etc. where there is no expectation of privacy. All appointments are... more »

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

When does a Patient Record(PR) become realized?

The topic came up in a planning session around the point in time when a PR becomes a PR. Let's say we are writing an app for first responders. If the user collects name, date of birth, and vital signs. Does the PR become legally protected as soon as the First name is collected, or is there some threshold of data size(fields, values, etc.) that indicates that the PR has been created in legal terms for HIPPA protection?... more »

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

HIPAA and FHIR

The introduction of FHIR to the 2015 CEHRT has opened the door for 3rd party applications to receive patient health information directly from an EHR without an agreement in place between the health care provider or the EHR vendor. Even though the patient has selected it, shouldn't the 3rd party app be responsible for the protection of the patient's health information and be held to the same standards as the EHR vendor?... more »

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Must a mobile app PHR be password protected

A covered entity provides test results to patients through a Patient Mobile App or a Website. Patients must request access and data is transmitted securely. Once the patient has custody of the PHI (as a downloaded report on the website, or as received data on the mobile device, is the Covered Entity responsible if the patient loses their own data? Is it required, for example, that the Mobile App be password protected?... more »

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

HIPAA Requirements for data cabling

I am looking to find a HIPAA regulation that tells me whether or not a healthcare facility needs to have all TIA/EIA-568-B certified data cables. I know this would fall under data integrity, but I cannot find where in HIPAA that it states that best practice or industry standards must be met.

Voting

1 vote
1 up votes
0 down votes