Developers and HIPAA

HIPAA E-Signature Requirements Implemented

We are a small organization starting up a tele-health initiative. We would like to deliver a copy of our Notice of Privacy Practices electronically and have patients acknowledge receipt via check box prior to completing our online intake forms. This method is used for acceptance when one downloads software online. We are having a difficult time understanding the requirements for this. Can it be a check box and/or typed... more »

Voting

3 votes
3 up votes
0 down votes

Developers and HIPAA

HIPAA compliance with a task list from a provider?

I'm working on an app for a therapist to send a list of exercises to their patient's mobile device from their desktop for the patient to perform at home. The therapist can view if the patient is checking off their exercises and reporting their completion each day. No information is being transmitted in regards to the patient's diagnosis or condition, only the list of exercises to be performed at home and the patient's... more »

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Cloud Software to track employees during the COVID-19 Pandemic

My company is developing a SaaS that will help companies to track their employees during the COVID-19 outbreak and will enable their staff to clear which employees will return to work and which ones won't due to COVID-19 symptoms, also will provide a dashboard to management staff to know which teams will fall short (and for how long) due to quarantine.

The software will collect questions about the COVID-19 symptoms... more »

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Could a covered entity ever create a non-covered mobile app?

If a health care provider who is a covered entity were to create a general fitness/wellness app and silo off any collected data from their covered operations, could it be a valid hybrid entity? For instance, if a hospital creates a free meditation app but does not prescribe it as treatment, nor convey any data the app ingests back to medical professionals or EMRs, must the app still be HIPAA compliant? What are the criteria... more »

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

HIPAA Compliance with third party

Hi

I am wondering regarding the need to have a BAA with suppliers that do not store medical data but have data that can lead to medical information like IAM cloud services or services for password management (LastPass or 1Password).

There is no medical information that I transfer but I store user and password to my Medical DB for instance.

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Surveillance Cameras and HIPAA

The mental health organization I am working with wants to install cameras in an area where people receive services (so they are identified by face and as being in need of the service provided). The organization will have an app to monitor camera activity etc but they want an existing telecommunications company to install and maintain the cameras and the video/images. The company they have chosen has never and will not... more »

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

What does "on behalf of a covered entity" mean?

What triggers acting "on behalf of a covered entity", A, or B, or other?
A. A covered entity uses your app (you are not paid or have signed a BA; they just go online and use it).
B. Getting hired by them.

We have an app that patients and providers use for chronic disease management. Does not integrate with EHR. Patients enter their progress and providers review it and can message back and forth.
We think we are not... more »

Voting

3 votes
3 up votes
0 down votes

Developers and HIPAA

HIPAA Compliant Forms

I am in the process of working with a hospital that is using a marketing software product to integrate forms into a new website project. We have recently got into the discussion regarding HIPAA compliance. It turns out the product's forms are not HIPAA compliant.

With that being said, the information being captured by these forms on the site is not intended to be capturing medical information. The purpose of these forms... more »

Voting

4 votes
4 up votes
0 down votes

Developers and HIPAA

PII and PHI

We make medical devices and sell to CEs through an independent sales team/resellers. Oftentimes when there are some issues with software that runs on devices, the reseller obtains the corresponding record from the CE and uploads it to our Customer Support portal. This ticket can contain medical health information. As a device manufacturer are we required to adhere to HIPAA? We may get a few hundred such tickets from different... more »

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

What part of the environment has to be compliant? Implemented

Does the entire environment need to be HIPAA compliant, or is it possible that the solution could fall into an exception to HIPAA, or can they use an API to store certain kinds of data? If you’re building modern technologies, you’re relying on a lot of third party (likely API) based services; mostly cloud based services. So which aspects of those need to be compliant?

Voting

5 votes
5 up votes
0 down votes

Developers and HIPAA

Must a mobile app PHR be password protected

A covered entity provides test results to patients through a Patient Mobile App or a Website. Patients must request access and data is transmitted securely.

Once the patient has custody of the PHI (as a downloaded report on the website, or as received data on the mobile device), is the Covered Entity responsible if the patient loses their own data? Is it required, for example, that the Mobile App be password protected?... more »

Voting

1 vote
1 up votes
0 down votes