We have a computer that will never have network access, it is completely stand alone. It is used to process x-rays and then burn the data to CD. Does this computer still need to have a compliant OS on it?
We provide patient monitoring services to covered entities and enter into contracts/BAA's with them. One of these physicians is interested in providing a wearable tracker to his patients - the wearable would... more »
Is a BAA required for the use of these tools, specifically when these tools are handling the compiling, build pipelines for code sources and virtualization container... more »
Is a nonprofit EMS company (501c3) required to have a notice of privacy practices if it is an emergency response group? What aspects of HIPAA are applicable to a nonprofit EMS group?
I am building a mobile application to facilitate the patients and I am accessing the PHI through RESTful web apis.
I want to clarify one thing that I surfed a lot on google recently is, if I save patient's password or access token for re-authentication in iOS keychains, then may I consider this approach or this would be vulnerable to save the passwords in iOS keychains and violates HIPAA compliance act?
"(C) All elements of dates (except year) for dates that are directly related to an individual, including birth date, admission date, discharge date, death date, and all ages over 89 and all elements of dates (including year) indicative of such... more »
I'm wondering if Verizon Home Phone connect with a analog phone hooked up to is violates HIPAA in any way. I'm more concerned about cellular technology VS POTS. There is no data transmission only voice.
we are hosting this on a hipaa compliant environment under a BAA agreement. I am the only administrator who manages the system and I manage... more »
Looking to create a database for managing patient information - not accessible to patients or non-clinical staff. The data will be MD5 encrypted end to end. Any thoughts from what has been done by others?
This was addressed on your old FAQ page for a number of years and it seems to have disappeared. Can "open format" postcards still be used to remind patients of upcoming appointments as long as HIPAA's minimum necessary standard is observed? Something like, "Dear Sue, We would like to remind you of your upcoming appointment on Tuesday, September 12th at 2:20 pm"?
Is a BA Contract required between a BA providing PHI to another BA of a CE? (for example, a CE requests their EHR vendor to send PHI to a data analytics firm OR a CE requests a data analytics firm to send PHI to another vendor doing work on the CE's behalf)?
A consumer focused app receives a request from one of its users, a hospital, for a customization of the product. The customization is created in response to the user request and treated the same as other requests. The app developer then makes it available to their entire user base, not just the requester, and no fee is paid. Does this make the app developer a business associate of the covered entity?