I am in the process of working with a hospital that is using a marketing software product to integrate forms into a new website project. We have recently got into the discussion regarding HIPAA compliance. It turns out the product's forms are not HIPAA compliant. With that being said the information being captured by these forms on the site are not intended to be capturing medical information. The purpose of these forms... more »
There is currently a lack of clarity about whether patient consent to communicate via (unencrypted) SMS is adequate to protect covered entities from HIPAA concerns. HHS (and medical research) has released data supported use of non-encrypted SMS, given its high accessibility to patients and its efficacy in achieving behavior change (e.g. medication compliance, smoking cessation). Many covered entitites feel that this... more »
I have a web application that allows a patient and a doctor to create an account. the patient can upload his medical history and associate scanned files to his account. the patient then selects a doctor within the web application and invites him to have a look at his case files. we are hosting this on a hipaa compliant environment under a BAA agreement. I am the only administrator who manages the system and I manage... more »
Are there any specific requirements that we should keep in mind when putting together a solution to provide PHI to a customer via a chat channel? Would it even be feasible? Assuming customer is identified (previously registered or asked to provide dob or some personal information
Does having identifiable information of a person and the name of the health insurance company they are enrolled in (or name of other covered entity) constitute a PHI record? 1. Would a text message sent to an individual that includes the name of their health insurance company (but no other health information) be subject to HIPAA regulations? 2. Would a text message sent to an individual that includes the name of their... more »
I am a student creating an app for school project. I was wondering if I have to be HIPAA compliant. I am creating an app, where diabetics can store their glucose and calculate insulin dosage. None of the information will be sent to hospitals or physicians. How would HIPAA work in this case? Thank you ahead.
We have a communication platform where providers, patients, family members can connect and communicate securely. The patient can set their own preferences around how they receive notifications about types of messages, and from whom in the app. We would like to send the patient a push notification so they are aware there is a new message in the app. We can send a push notification that says" There is a new message in the... more »
What is the intent of this site? OCR rarely, if ever comments on questions, some of which could really help HIPAA regulated organizations and developers interpret the Privacy and Security rules.
We're a non profit organisation seeking to deploy an open-source health management application for use. We classify as a Business Associate as we provide services for a health care provider under HIPAA. We urgently need to know what exactly are the requirements a health information system needs to meet in order to satisfy HIPAA. It would be helpful to know if there's some document or checklist to work with. We'd also... more »
Is a non-billing not for profit crisis services center that receives funding by the Office of Mental Health (who does follow HIPAA) required to adhere to HIPAA regulations?
We are working on a mobile app that tracks attendance for fitness instructors/martial arts schools. Instructors can create classes and save their students in them. Part of the data entered for a student includes a field called Med Info, which would be along the sorts "Has asthma" or "Allergic to peanuts" just to give general examples. This is done so instructors can be prepared and aware of any health conditions with... more »
I'm working on a free web application for use by healthcare providers that tracks the usage of antibiotics. I intend to make the application available to anyone as a tool without entering into any formal agreements. The tool would track such information as: facility census, medication name, dosage, date given, etc. patient age, gender, height, weight, etc. The tool would NOT use identifying information such as name,... more »
The introduction of FHIR to the 2015 CEHRT has opened the door for 3rd party applications to receive patient health information directly from an EHR without an agreement in place between the health care provider or the EHR vendor. Even though the patient has selected it, shouldn't the 3rd party app be responsible for the protection of the patient's health information and be held to the same standards as the EHR vendor?... more »
We have a computer that will never have network access, it is completely stand alone. It is used to process x-rays and then burn the data to CD. Does this computer still need to have a compliant OS on it?
Does developing an algorithm/machine learning system that uses PHI from EMR to predict and alert providers to negative health outcomes constitute research or a health care operation under HIPAA?