Is a company that provides encrypted cloud storage for a covered entity a BA if it does not have the encryption key and has no ability to access the IIHI?
The software will collect questions about the COVID-19 symptoms...
I am wondering about the need to have a BAA with suppliers that do not store medical data but have data that can lead to medical information, like IAM cloud services or services for password management (LastPass or 1Password).
There is no medical information that I transfer, but I store the user and password to my medical DB, for instance.
A. A covered entity uses your app (you are not paid or have signed a BA; they just go online and use it).
B. Getting hired by them.
We have an app that patients and providers use for chronic disease management. Does not integrate with EHR. Patients enter their progress and providers review it and can message back and forth.
We think we are not...
With that being said, the information being captured by these forms on the site is not intended to be capturing medical information. The purpose of these forms...
Is a non-billing, not-for-profit crisis services center that receives funding from the Office of Mental Health (who does follow HIPAA) required to adhere to HIPAA regulations?
If a company has a business associate agreement (BAA) with an electronic medical record (EMR) vendor, does that company also have to sign a BAA with each health care provider or provider group using that EMR in addition to their existing BAA with the vendor?
Does the entire environment need to be HIPAA compliant, or is it possible that the solution could fall into an exception to HIPAA, or can they use an API to store certain kinds of data? If you’re building modern technologies, you’re relying on a lot of third party (likely API) based services; mostly cloud based services. So which aspects of those need to be compliant?
Once the patient has custody of the PHI (as a downloaded report on the website, or as received data on the mobile device), is the Covered Entity responsible if the patient loses their own data? Is it required, for example, that the Mobile App be password protected?...
Does OCR recommend any guides to developers to help them evaluate different kinds of cyberinsurance policies and to determine what types and levels of insurance are needed depending on the application they have developed and for general company compliance?