Developers and HIPAA

HIPAA Program Compliance Manger

This was addressed on your old FAQ page for a number of years and it seems to have disappeared. Can "open format" postcards still be used to remind patients of upcoming appointments as long as HIPAA's minimum necessary standard is observed? Something like, "Dear Sue, We would like to remind you of your upcoming appointment on Tuesday, September 12th at 2:20 pm"?

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

New to Hippa

Can someone assist me? We are working with a client of ours who would like us to create a billing application that will be a web based system. It will deal with patient and insurance carrier data. Where do we start? What do we need to do when building the about? Technical? What do we need to do from administration side? We will be dealing with UB-04 for billing.

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

HIPAA E-Signature Compliance

We are developing an iOS App that will be used by a collaborative group of agencies that provide care services to members of the community. Most agencies are Medicaid paid related but the cooperative includes non-healthcare community agencies that are 'referral partners'. If a member of a participating agency engages a member of the community that needs some form of care, the agency uses our App to complete a Referral... more »

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Does my app need to be Hippa compliant?

I'm developing a calculator type app for a friend of mine who works at a skilled nursing facility. She works as a therapist and regularly needs to split the total amount of time she needs to work with her patients into multiple sessions, often switching back and forth between patients. I'm developing the app to automate the task of her writing down when she starts and ends each session with each of per patients... and... more »

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Is my App following acceptable security protocol through HIPPA?

I email addresses of the users of the app, which are all doctors not patients, for authentication purposes. The application uses SSL encryption for transmission of data between a user's phone and the backend servers. The data is not currently encrypted on the server, but will become encrypted in a future version. Security around the data is restricted such that a user can only access their own data and is not accessible... more »

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

'Medical Info' field in attendance mobile app

We are working on a mobile app that tracks attendance for fitness instructors/martial arts schools. Instructors can create classes and save their students in them. Part of the data entered for a student includes a field called Med Info, which would be along the sorts "Has asthma" or "Allergic to peanuts" just to give general examples. This is done so instructors can be prepared and aware of any health conditions with... more »

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

On Premise Interface Software Developer and Consulting and BAA's

I work for a software manufacturer that produces software that interfaces our customers various clinical systems to their EHR's and other applications. We do not store, maintain, transmit or manage PHI for our customers. We do configure their HIT interfaces that manage, transmit and modify PHI. Our technicians also routinely see PHI as they are helping customers troubleshoot issues and perform configuration changes.... more »

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Notifications

A NYS licensed facility providing addiction treatment services has been advised that when a patient has been referred for treatment by another entity (hospital, family agency, courts, etc.) notice that the patient has presented for treatment may not be given to the referring agency without the written permission of the patient. No other PHI would be provided other than the notification.

Is this true?

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Ransomeware Attack

I just heard that a practice in our area had a ransomware attack. Based upon their investigation their manager stated that the hacker did not get access to the PHI data and therefore did not need to report to patients or the Dept. of HHS. I question their judgement since I'm not certain if they can tell even tell if the only thing the hacker did was lock them out access to their patient PHI and didn't also create an... more »

Voting

-1 votes
0 up votes
1 down votes

Developers and HIPAA

When is PHI de-identified?

We have developed a platform to facilitate the scheduling of transport/rides for patients to provider appointments. The process works as follows. The provider logs into a secure site, to schedule a ride to an appointment for a patient. The platform, at the appropriate time, sends formation to a rider service provider (someone such as Lyft, Uber, etc..) to schedule the transport. The information provide the transport... more »

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Hospital Outpatient Pharmacy Notice of Privacy Practices

If a patient acknowledges receipt of a Notice of Privacy Practices when admitted to a Hospital, does the Hospital-owned outpatient pharmacy using the same electronic software have to provide a second Notice and obtain patient acknowledgement again? Can the original notice cover all outpatient departments under Hospital ownership?

Voting

3 votes
3 up votes
0 down votes

Developers and HIPAA

Web Based Portal HIPAA Requirements

If a DME supplier, vitamin supplier, text reminder application, auto payment system for patient accounts, or a website management company collects PHI data via a web portal are they considered a Business Associate? For example, the company has created a web portal or downloadable software application that requires internet access, with fields that collect data, and that data helps the provider manage patient custom... more »

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Does the name of a Health Insurance company constitute PHI?

Does having identifiable information of a person and the name of the health insurance company they are enrolled in (or name of other covered entity) constitute a PHI record? 1. Would a text message sent to an individual that includes the name of their health insurance company (but no other health information) be subject to HIPAA regulations? 2. Would a text message sent to an individual that includes the name of their... more »

Voting

2 votes
2 up votes
0 down votes