The system is offered independently from a covered entity.
Just because providers enter some PHI in the system, are you seen as a BA covered, or you are not a BA as long as... more »
I am building a mobile application to facilitate the patients and I am accessing the PHI through RESTful web apis.
I want to clarify one thing that I surfed a lot on google recently is, if I save patient's password or access token for re-authentication in iOS keychains, then may I consider this approach or this would be vulnerable to save the passwords in iOS keychains and violates HIPAA compliance act?
We are scheduling patients through an online scheduling app. We've been told patients are de-identified if we only use the first three letters of their first and last name for the scheduling portal. Could you confirm whether or not this is HIPAA compliant?
Does developing an algorithm/machine learning system that uses PHI from EMR to predict and alert providers to negative health outcomes constitute research or a health care operation under HIPAA?