Developers and HIPAA

Developers and HIPAA

HIPAA E-Signature Compliance

We are developing an iOS App that will be used by a collaborative group of agencies that provide care services to members of the community. Most agencies are Medicaid paid related but the cooperative includes non-healthcare community agencies that are 'referral partners'. If a member of a participating agency engages a member of the community that needs some form of care, the agency uses our App to complete a Referral ...more »

Submitted by

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

When does a Patient Record(PR) become realized?

The topic came up in a planning session around the point in time when a PR becomes a PR. Let's say we are writing an app for first responders. If the user collects name, date of birth, and vital signs. Does the PR become legally protected as soon as the First name is collected, or is there some threshold of data size(fields, values, etc.) that indicates that the PR has been created in legal terms for HIPPA protection? ...more »

Submitted by

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

New to Hippa

Can someone assist me? We are working with a client of ours who would like us to create a billing application that will be a web based system. It will deal with patient and insurance carrier data. Where do we start? What do we need to do when building the about? Technical? What do we need to do from administration side? We will be dealing with UB-04 for billing.

Submitted by

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Audit logging requirements for secure messaging

We have implemented a secure text messaging service for our application. It is quite possible that our customers will communicate ePHI to us using this secure service. Are we required to audit log all messages along with who read the message just in case some of the messages may have ePHI in them?

Submitted by

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

HIPAA and FHIR

The introduction of FHIR to the 2015 CEHRT has opened the door for 3rd party applications to receive patient health information directly from an EHR without an agreement in place between the health care provider or the EHR vendor. Even though the patient has selected it, shouldn't the 3rd party app be responsible for the protection of the patient's health information and be held to the same standards as the EHR vendor? ...more »

Submitted by

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Must a mobile app PHR be password protected

A covered entity provides test results to patients through a Patient Mobile App or a Website. Patients must request access and data is transmitted securely. Once the patient has custody of the PHI (as a downloaded report on the website, or as received data on the mobile device, is the Covered Entity responsible if the patient loses their own data? Is it required, for example, that the Mobile App be password protected? ...more »

Submitted by

Voting

0 votes
0 up votes
0 down votes

Developers and HIPAA

HIPAA Requirements for data cabling

I am looking to find a HIPAA regulation that tells me whether or not a healthcare facility needs to have all TIA/EIA-568-B certified data cables. I know this would fall under data integrity, but I cannot find where in HIPAA that it states that best practice or industry standards must be met.

Submitted by

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Which Dates are considered PHI?

Assuming all other identifiers are removed from the data, which dates are considered PHI? The de-identification standard for safe harbor indicates the following must be removed: "(C) All elements of dates (except year) for dates that are directly related to an individual, including birth date, admission date, discharge date, death date, and all ages over 89 and all elements of dates (including year) indicative of such ...more »

Submitted by

Voting

1 vote
1 up votes
0 down votes