Developers and HIPAA

Data Recording

I am a student creating an app for a school project. I was wondering if I have to be HIPAA compliant. I am creating an app where diabetics can store their glucose and calculate insulin dosage. None of the information will be sent to hospitals or physicians. How would HIPAA work in this case? Thank you ahead.

Voting

3 votes
3 up votes
0 down votes

On Premise Interface Software Developer and Consulting and BAAs

I work for a software manufacturer that produces software that interfaces our customers' various clinical systems to their EHRs and other applications. We do not store, maintain, transmit or manage PHI for our customers. We do configure their HIT interfaces that manage, transmit and modify PHI. Our technicians also routinely see PHI as they are helping customers troubleshoot issues and perform configuration changes.... more »

Voting

1 vote
1 up votes
0 down votes

New to HIPAA

Can someone assist me? We are working with a client of ours who would like us to create a billing application that will be a web-based system. It will deal with patient and insurance carrier data. Where do we start? What do we need to do when building the about? Technical? What do we need to do from administration side? We will be dealing with UB-04 for billing.

Voting

2 votes
2 up votes
0 down votes

Provisioning access to medical applications for employees

Having a hard time finding clarity on cloning access in medical applications. This is an internal question to an organization. If I create an application for users that contains a lot of PHI, am I allowed to use cloning to give access to the users? For example, if a user is a pharmacist and another pharmacist in a different pharmacy requests access, can I give them the option on the request form to clone the other... more »

Voting

1 vote
1 up votes
0 down votes

Is my App following acceptable security protocol through HIPAA?

I email addresses of the users of the app, which are all doctors not patients, for authentication purposes. The application uses SSL encryption for transmission of data between a user's phone and the backend servers. The data is not currently encrypted on the server, but will become encrypted in a future version. Security around the data is restricted such that a user can only access their own data and is not accessible... more »

Voting

2 votes
2 up votes
0 down votes

BAA and CI/CD tools - application source code that handles PHI

Many third party tools exist for Continuous Integration and Continuous Development (CI/CD). While an organization may maintain a BAA with their public cloud provider, many of these third party tools do not offer, nor will they engage in, a BAA with customers.
Is a BAA required for the use of these tools, specifically when these tools are handling the compiling, build pipelines for code sources and virtualization container... more »

Voting

2 votes
2 up votes
0 down votes

Ransomware Attack

I just heard that a practice in our area had a ransomware attack. Based upon their investigation their manager stated that the hacker did not get access to the PHI data and therefore did not need to report to patients or the Dept. of HHS. I question their judgement since I'm not certain if they can even tell if the only thing the hacker did was lock them out of access to their patient PHI and didn't also create an... more »

Voting

-1 votes
0 up votes
1 down votes

EHR software partners uses third party API

Our EHR solution is partnering with another health related software company with a cloud based API product to provide additional solutions for providers. This is a seamless connection. Some PHI would be stored on the API cloud based system while our EHR would also store PHI either on the client server or the cloud.
I have several questions.
I am assuming that the business associate between our clients/providers... more »

Voting

4 votes
4 up votes
0 down votes

HIPAA and FHIR

The introduction of FHIR to the 2015 CEHRT has opened the door for 3rd party applications to receive patient health information directly from an EHR without an agreement in place between the health care provider or the EHR vendor. Even though the patient has selected it, shouldn't the 3rd party app be responsible for the protection of the patient's health information and be held to the same standards as the EHR vendor?... more »

Voting

1 vote
1 up votes
0 down votes

Desktop application for Videodermatoscopy

Good morning,

We are an Italian software house and we would like to commercialize our software for Videodermatoscopy in the USA.
Before that we would like to be sure that our software is HIPAA compliant because it stores patients' health information such as: name, surname, address, phone number, information about health status and specific information about the patient's diseases, photos of the patient and their mole, therapies, etc.... more »

Voting

1 vote
1 up votes
0 down votes

iOS keychains for saving pass/access token is HIPAA compliant?

I am building a mobile application to facilitate the patients and I am accessing the PHI through RESTful web APIs.

I want to clarify one thing that I surfed a lot on Google recently: if I save the patient's password or access token for re-authentication in iOS keychains, then may I consider this approach, or would it be vulnerable to save the passwords in iOS keychains and violate the HIPAA compliance act?

Voting

2 votes
2 up votes
0 down votes