Developers and HIPAA

Submitted by

online social communities sponsored by a covered entity

We are a covered entity, and developing an online education program for a medical condition. Only registered/approved users are able to join view pages. So it may be assumed that a user has the medical condition, but the site does not require that users identify themselves to others. Users will have the option to enter PHI in a secured profile (hipaa compliant...), but can elect not to enter any info. The users will ...more »

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Submitted by

Health Information Systems and HIPAA Compliance

We're a non profit organisation seeking to deploy an open-source health management application for use. We classify as a Business Associate as we provide services for a health care provider under HIPAA. We urgently need to know what exactly are the requirements a health information system needs to meet in order to satisfy HIPAA. It would be helpful to know if there's some document or checklist to work with. We'd also ...more »

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Submitted by

iOS keychains for saving pass/access token is HIPAA complaint?

I am building a mobile application to facilitate the patients and I am accessing the PHI through RESTful web apis.

I want to clarify one thing that I surfed a lot on google recently is, if I save patient's password or access token for re-authentication in iOS keychains, then may I consider this approach or this would be vulnerable to save the passwords in iOS keychains and violates HIPAA compliance act?

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Submitted by

Is a BAA required with SMS service

If my provider is communicating PHI and non-PHI with patients through a 3rd party SMS service, such as Twilio, would my provider be required to sign a BAA with an SMS service company or such a company be classified as a conduit? We are sending encrypted data to the SMS service which is then sending unencrypted SMSs to patients. Patients can then potentially respond to those SMSs via unencrypted SMS which would be directed ...more »

Voting

6 votes
6 up votes
0 down votes

Developers and HIPAA

Submitted by

Must a mobile app PHR be password protected

A covered entity provides test results to patients through a Patient Mobile App or a Website. Patients must request access and data is transmitted securely. Once the patient has custody of the PHI (as a downloaded report on the website, or as received data on the mobile device, is the Covered Entity responsible if the patient loses their own data? Is it required, for example, that the Mobile App be password protected? ...more »

Voting

0 votes
0 up votes
0 down votes

Developers and HIPAA

Submitted by

Chat requirements

Are there any specific requirements that we should keep in mind when putting together a solution to provide PHI to a customer via a chat channel? Would it even be feasible? Assuming customer is identified (previously registered or asked to provide dob or some personal information

 

Thanks

Voting

4 votes
4 up votes
0 down votes

Developers and HIPAA

Submitted by

How to handle old emails

I'm a web designer and have a client who has recently become hipaa compliant concerning his handling of email. He needed me to search his old emails from about 6 years ago for a certain file. Though he no longer uses that email address, the emails were still in webhosts database, and they were never hipaa compliant. He was wondering if he should just delete those old emails, since they are not hipaa compliant we thought ...more »

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Submitted by

PII and PHI

We make medical devices and sell to CEs through a independent sales team/resellers. Often times where there are some issues with software that runs on devices -- the reseller obtains the corresponding record from CE and uploads to our Customer Support portal. This ticket can contain medical health information. As a device manufacturer are we required to adhere to HIPAA? We may get a few hundred such tickets from different ...more »

Voting

2 votes
2 up votes
0 down votes