Developers and HIPAA

Website Contact Forms

Hi,

 

Can someone tell me if a simple contact form on a health providers website needs to be HIPAA compliant if it is only requesting information like name, email, number, and a comment of interest in services?

 

Thank you!

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Ransomeware Attack

I just heard that a practice in our area had a ransomware attack. Based upon their investigation their manager stated that the hacker did not get access to the PHI data and therefore did not need to report to patients or the Dept. of HHS. I question their judgement since I'm not certain if they can tell even tell if the only thing the hacker did was lock them out access to their patient PHI and didn't also create an ...more »

Voting

-1 votes
0 up votes
1 down votes

Developers and HIPAA

virtual job board interpreter services

Healthcare providers place requests for interpreter services on a web portal that the state agency leases from a private vendor. Interpreters then log into the web portal to fish for appointments. They can access the web portal from their computers or mobile devices and do so frequently at public places such as coffee houses, libraries, waiting rooms, etc. where there is no expectation of privacy. All appointments are ...more »

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

When does a Patient Record(PR) become realized?

The topic came up in a planning session around the point in time when a PR becomes a PR. Let's say we are writing an app for first responders. If the user collects name, date of birth, and vital signs. Does the PR become legally protected as soon as the First name is collected, or is there some threshold of data size(fields, values, etc.) that indicates that the PR has been created in legal terms for HIPPA protection? ...more »

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Record, transfer and store mobile inbuilt sensor data

Hi, For a mobile chatbot health app that reads, transfers and stores (within and outside mobile phone in a cloud based server) sensor generated time series data of patients/consumers activities, events, etc.. which includes all data that can be captured by a mobile phone's, accelerometer, light, other sensors without patient/consumer intervention, can such sensor generated data be classified as personal identifiable information ...more »

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

HIPAA compliance with an task list from a provider?

I'm working on an app for a therapist to send a list of exercises to their patient's mobile device from their desktop for the patient to perform at home. The therapist can view if the patient is checking off their exercises and reporting thier completion each day. No information is being transmitted in regards to the patient's diagnosis or condition, only the list of exercises to be performed at home and the patient's ...more »

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Which Dates are considered PHI?

Assuming all other identifiers are removed from the data, which dates are considered PHI? The de-identification standard for safe harbor indicates the following must be removed: "(C) All elements of dates (except year) for dates that are directly related to an individual, including birth date, admission date, discharge date, death date, and all ages over 89 and all elements of dates (including year) indicative of such ...more »

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

App Customization

A consumer focused app receives a request from one of its users, a hospital, for a customization of the product. The customization is created in response to the user request and treated the same as other requests. The app developer then makes it available to their entire user base, not just the requester, and no fee is paid. Does this make the app developer a business associate of the covered entity?

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

New to Hippa

Can someone assist me? We are working with a client of ours who would like us to create a billing application that will be a web based system. It will deal with patient and insurance carrier data. Where do we start? What do we need to do when building the about? Technical? What do we need to do from administration side? We will be dealing with UB-04 for billing.

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

How granular should logs be in saving access-to-PHI events?

As a software developer in the role of business associate I have read about what needs to be captured and stored by software that handles PHI for a covered entity. To be a good vendor, we want to provide our customer the requisite log data about user credentialing (adds, permissions, changes, disables, deletes), and about PHI activity within our software product. We currently log all changes to PHI made by our product. ...more »

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Desktop application for Videodermatoscopy

Godo morning, We are an Italian software house and we would like to commercialize our software for Videodermatoscopy in USA. Before that we would be sure that our software is HIPPA compliant because it stores patient's health information such as: name, surname, address, phone number, information about health status and specific information about patient's diseasies, photos of the patient and its mole, therapies, etc.etc. ...more »

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Health Information Systems and HIPAA Compliance

We're a non profit organisation seeking to deploy an open-source health management application for use. We classify as a Business Associate as we provide services for a health care provider under HIPAA. We urgently need to know what exactly are the requirements a health information system needs to meet in order to satisfy HIPAA. It would be helpful to know if there's some document or checklist to work with. We'd also ...more »

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Are CSPs that don't enforce ToS tacitly accepting a BA role?

I am a compliance consultant, seeing an increasing amount of concern from cloud service providers about customers/users sharing PHI via their platforms in clear violation of Terms of Service. (Depending on the platform, customers/users range from individuals to business associates to covered entities.) Specifically, the CSPs are concerned about whether allowing accounts in violation to remain active is somehow tacit acceptance ...more »

Voting

2 votes
2 up votes
0 down votes