Developers and HIPAA

Submitted by

Clarify the definition of PHI for online consumer interactions

I see a great deal of variation from organization to organization on what constitutes PHI in the digital realm. I have several scenarios that I'd like your thought on: - Is public website browsing behavior considered PHI as is suggested in the current Winston Smith V. Facebook case (http://digitalcommons.law.scu.edu/cgi/viewcontent.cgi?article=2175&context=historical)? This could impact a number of common services used ...more »

Voting

1 vote
1 up votes
0 down votes
Answered Questions

Developers and HIPAA

Submitted by

Does the name of a Health Insurance company constitute PHI?

Does having identifiable information of a person and the name of the health insurance company they are enrolled in (or name of other covered entity) constitute a PHI record? 1. Would a text message sent to an individual that includes the name of their health insurance company (but no other health information) be subject to HIPAA regulations? 2. Would a text message sent to an individual that includes the name of their ...more »

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Submitted by

web based CASE Management Tool

I have a web application that allows a patient and a doctor to create an account. the patient can upload his medical history and associate scanned files to his account. the patient then selects a doctor within the web application and invites him to have a look at his case files. we are hosting this on a hipaa compliant environment under a BAA agreement. I am the only administrator who manages the system and I manage ...more »

Voting

4 votes
4 up votes
0 down votes

Developers and HIPAA

Submitted by

How to handle old emails

I'm a web designer and have a client who has recently become hipaa compliant concerning his handling of email. He needed me to search his old emails from about 6 years ago for a certain file. Though he no longer uses that email address, the emails were still in webhosts database, and they were never hipaa compliant. He was wondering if he should just delete those old emails, since they are not hipaa compliant we thought ...more »

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Submitted by

Teaching Hospitals and HIPAA Privacy

I work for a University medical school that employs physicians as faculty and who teach at the hospital. I would like to know more about how far the ability access patient's records for educational purposes reaches. For example, if a Radiologist faculty member treated several patients with interesting or notable conditions and wanted to use the films as a teaching guide for residents, then what guidance or protocols ...more »

Voting

2 votes
2 up votes
0 down votes
Answered Questions

Developers and HIPAA

Submitted by

How granular should logs be in saving access-to-PHI events?

As a software developer in the role of business associate I have read about what needs to be captured and stored by software that handles PHI for a covered entity. To be a good vendor, we want to provide our customer the requisite log data about user credentialing (adds, permissions, changes, disables, deletes), and about PHI activity within our software product. We currently log all changes to PHI made by our product. ...more »

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Submitted by

New to Hippa

Can someone assist me? We are working with a client of ours who would like us to create a billing application that will be a web based system. It will deal with patient and insurance carrier data. Where do we start? What do we need to do when building the about? Technical? What do we need to do from administration side? We will be dealing with UB-04 for billing.

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Submitted by

Text messaging and HIPAA

There is currently a lack of clarity about whether patient consent to communicate via (unencrypted) SMS is adequate to protect covered entities from HIPAA concerns. HHS (and medical research) has released data supported use of non-encrypted SMS, given its high accessibility to patients and its efficacy in achieving behavior change (e.g. medication compliance, smoking cessation). Many covered entitites feel that this ...more »

Voting

23 votes
23 up votes
0 down votes