What is the intent of this site? OCR rarely, if ever, comments on questions, some of which could really help HIPAA-regulated organizations and developers interpret the Privacy and Security rules.
Does developing an algorithm/machine learning system that uses PHI from EMR to predict and alert providers to negative health outcomes constitute research or a health care operation under HIPAA?
Is a BAA required for the use of these tools, specifically when these tools are handling the compiling, build pipelines for code sources and virtualization container...
Is an app for people to share STD test results by taking a picture of the STD test results and getting a scannable QR code covered by HIPAA, HITECH or other laws/regulations?
We have a computer that will never have network access; it is completely standalone. It is used to process x-rays and then burn the data to CD. Does this computer still need to have a compliant OS on it?
We provide support to healthcare provider while accessing server and clients.
The healthcare server DB stores ePHI (Only medical record number).
As part of our support we are potentially exposed to the mentioned ePHI.
We do not extract ePHI nor download locally.
The question is:
Do we need to be HIPAA compliant?
Our company allows employees to have company email on our BYODs. We are wondering what is needed to ensure our email and mobile devices are HIPAA compliant.
We are trying to send medical data from clinics to an Amazon S3 service via an https connection (using an API). The S3 is configured with a policy for complying with HIPAA guidelines. The question I have is - If https communication to S3 is implemented with complying encryption standards, is the solution to transport data HIPAA compliant?
We provide patient monitoring services to covered entities and enter into contracts/BAAs with them. One of these physicians is interested in providing a wearable tracker to his patients - the wearable would...
She works as a therapist and regularly needs to split the total amount of time she needs to work with her patients into multiple sessions, often switching back and forth between patients. I'm developing the app to automate the task of her writing down when she starts and ends each session with each of her patients... and...
I am wondering regarding the need to have a BAA with suppliers that do not store medical data but have data that can lead to medical information, like IAM cloud services or services for password management (LastPass or 1Password).
There is no medical information that I transfer, but I store user and password to my medical DB, for instance.