Showing 4 ideas for tag "baa"
kudos icon +

Developers and HIPAA

Is a BAA required with SMS service

If my provider is communicating PHI and non-PHI with patients through a 3rd party SMS service, such as Twilio, would my provider be required to sign a BAA with an SMS service company or such a company be classified as a conduit? We are sending encrypted data to the SMS service which is then sending unencrypted SMSs to patients. Patients can then potentially respond to those SMSs via unencrypted SMS which would be directed... more »

Voting

7 votes
7 up votes
0 down votes
kudos icon +

Developers and HIPAA

Are CSPs that don't enforce ToS tacitly accepting a BA role?

I am a compliance consultant, seeing an increasing amount of concern from cloud service providers about customers/users sharing PHI via their platforms in clear violation of Terms of Service. (Depending on the platform, customers/users range from individuals to business associates to covered entities.) Specifically, the CSPs are concerned about whether allowing accounts in violation to remain active is somehow tacit acceptance... more »

Voting

2 votes
2 up votes
0 down votes
kudos icon +

Developers and HIPAA

HIPAA Compliance with third party

Hi

I am wondering regarding the need to have a BAA with suppliers that do not store medical data but have data that can lead to medical information like IAM cloud services or services for password management (LastPass or 1 password)

there is no medical information that I transfer but I store user and password to my Medical DB for instance

Voting

1 vote
1 up votes
0 down votes
kudos icon +

Developers and HIPAA

Surveillance Cameras and HIPAA

The mental health organization I am working with wants to install cameras in an area where people receive services (so they are identified by face and as being in need of the service provided). The organization will have an app to monitor camera activity etc but they want an existing telecommunications company to install and maintain the cameras and the video/images. The company they have chosen has never and will not... more »

Voting

2 votes
2 up votes
0 down votes