Developers and HIPAA

Implementations with external services & Testing

When implementing external services with clients (such as exposing an API to external clients), are there any HIPAA rules/regulations around testing the implementation in a non-prod environment before going live in production? Are there any concerns with PHI or security with testing an implementation (of say an API with an external client) directly in a production environment?


Who are your customers? Check all that apply : Other

What is your organization? : Other

Voting

0 votes
0 up votes
0 down votes

Are CSPs that don't enforce ToS tacitly accepting a BA role?

I am a compliance consultant, seeing an increasing amount of concern from cloud service providers about customers/users sharing PHI via their platforms in clear violation of Terms of Service. (Depending on the platform, customers/users range from individuals to business associates to covered entities.) Specifically, the CSPs are concerned about whether allowing accounts in violation to remain active is somehow tacit acceptance ...more »


Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor)

What is your organization? : Small company, Attorney/other compliance consultant

Voting

1 vote
1 up votes
0 down votes

HIPAA Program Compliance Manager

This was addressed on your old FAQ page for a number of years and it seems to have disappeared. Can "open format" postcards still be used to remind patients of upcoming appointments as long as HIPAA's minimum necessary standard is observed? Something like, "Dear Sue, We would like to remind you of your upcoming appointment on Tuesday, September 12th at 2:20 pm"?


Who are your customers? Check all that apply : Health plans or health care providers

What is your organization? : Other, Small company, For profit, Your products send, receive, and/or view data/information to/from an EHR or related platform, Cloud service provider

Voting

1 vote
1 up votes
0 down votes

Web app records meds, but not identifiable to patient.

I'm working on a free web application for use by healthcare providers that tracks the usage of antibiotics. I intend to make the application available to anyone as a tool without entering into any formal agreements. The tool would track such information as: facility census, medication name, dosage, date given, etc. patient age, gender, height, weight, etc. The tool would NOT use identifying information such as name, ...more »


Who are your customers? Check all that apply : Health plans or health care providers

What is your organization? : Not for profit, Developer working on homegrown apps within a health care setting, Software developer not specific to health care

Voting

1 vote
1 up votes
0 down votes

Website Contact Forms

Hi,

Can someone tell me if a simple contact form on a health provider's website needs to be HIPAA compliant if it is only requesting information like name, email, number, and a comment of interest in services?

Thank you!


Who are your customers? Check all that apply : Health plans or health care providers

What is your organization? : Attorney/other compliance consultant

Voting

1 vote
1 up votes
0 down votes

Health Information Systems and HIPAA Compliance

We're a non profit organisation seeking to deploy an open-source health management application for use. We classify as a Business Associate as we provide services for a health care provider under HIPAA. We urgently need to know what exactly are the requirements a health information system needs to meet in order to satisfy HIPAA. It would be helpful to know if there's some document or checklist to work with. We'd also ...more »


Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor)

What is your organization? : Developer of Mhealth apps (not mobile medical apps), Developer working on homegrown apps within a health care setting, EHR vendor

Voting

1 vote
1 up votes
0 down votes

HIPAA compliance with a task list from a provider?

I'm working on an app for a therapist to send a list of exercises to their patient's mobile device from their desktop for the patient to perform at home. The therapist can view if the patient is checking off their exercises and reporting their completion each day. No information is being transmitted in regards to the patient's diagnosis or condition, only the list of exercises to be performed at home and the patient's ...more »


Who are your customers? Check all that apply : Health plans or health care providers, Patients/Individuals/Consumers

What is your organization? : Developer of Mhealth apps (not mobile medical apps), Small company, For profit, Developer working on homegrown apps within a health care setting

Voting

1 vote
1 up votes
0 down votes

Record, transfer and store mobile inbuilt sensor data

Hi, for a mobile chatbot health app that reads, transfers and stores (within and outside mobile phone in a cloud based server) sensor generated time series data of patients'/consumers' activities, events, etc., which includes all data that can be captured by a mobile phone's accelerometer, light, other sensors without patient/consumer intervention, can such sensor generated data be classified as personal identifiable information ...more »


Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), General Public, Health plans or health care providers, Patients/Individuals/Consumers

What is your organization? : Developer of Mhealth apps (not mobile medical apps), Small company, For profit, Your products send, receive, and/or view data/information to/from an EHR or related platform

Voting

1 vote
1 up votes
0 down votes

On Premise Interface Software Developer and Consulting and BAAs

I work for a software manufacturer that produces software that interfaces our customers' various clinical systems to their EHRs and other applications. We do not store, maintain, transmit or manage PHI for our customers. We do configure their HIT interfaces that manage, transmit and modify PHI. Our technicians also routinely see PHI as they are helping customers troubleshoot issues and perform configuration changes. ...more »


Who are your customers? Check all that apply : Health plans or health care providers

What is your organization? : Your products send, receive, and/or view data/information to/from an EHR or related platform

Voting

1 vote
1 up votes
0 down votes

Cyberinsurance evaluation and options

Does OCR recommend any guides to developers to help them evaluate different kinds of cyberinsurance policies and to determine what types and levels of insurance are needed depending on the application they have developed and for general company compliance?


Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Health plans or health care providers, Patients/Individuals/Consumers

What is your organization? : Developer of Mhealth apps (not mobile medical apps), Small company, Your products send, receive, and/or view data/information to/from an EHR or related platform

Voting

0 votes
0 up votes
0 down votes

Nonprofit Emergency Medical Services

Is a nonprofit EMS company (501c3) required to have a notice of privacy practices if it is an emergency response group? What aspects of HIPAA are applicable to a nonprofit EMS group?


Who are your customers? Check all that apply : Patients/Individuals/Consumers

What is your organization? : Not for profit

Voting

0 votes
0 up votes
0 down votes

'Medical Info' field in attendance mobile app

We are working on a mobile app that tracks attendance for fitness instructors/martial arts schools. Instructors can create classes and save their students in them. Part of the data entered for a student includes a field called Med Info, which would be along the lines of "Has asthma" or "Allergic to peanuts" just to give general examples. This is done so instructors can be prepared and aware of any health conditions with ...more »


Who are your customers? Check all that apply : General Public

What is your organization? : Software developer not specific to health care

Voting

1 vote
1 up votes
0 down votes