Developers and HIPAA

Is a state-run MMJ registry a covered entity?

Is a state-run medical marijuana patient registry a covered entity? The Florida registry includes identifiable patient personal information and MMJ "prescription" information that is passed from the physician, to the DOH, to dispensing retail locations. Any physician, law enforcement officer, or retail location employee can find and view any patient's information. Here is the Florida physician user manual: http://www.flhealthsource.gov/ommu/forms/registry-user-guide-physician.pdf ...more »

Submitted by

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Is my App following acceptable security protocol through HIPPA?

I email addresses of the users of the app, which are all doctors not patients, for authentication purposes. The application uses SSL encryption for transmission of data between a user's phone and the backend servers. The data is not currently encrypted on the server, but will become encrypted in a future version. Security around the data is restricted such that a user can only access their own data and is not accessible ...more »

Submitted by

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Whether App is transmitting and storing PHI?

I have mobile application for tracking physician compensation, and I'm not sure if it contains data points separately or together which would be considered PHI under HIPAA. The application is designed to help a physicians track procedures they perform. This app helps doctors keep tabs on their case log. The information collected is date of case, age of patient (but range, i.e age 1-5), date billing was submitted, diagnoses ...more »

Submitted by

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

online social communities sponsored by a covered entity

We are a covered entity, and developing an online education program for a medical condition. Only registered/approved users are able to join view pages. So it may be assumed that a user has the medical condition, but the site does not require that users identify themselves to others. Users will have the option to enter PHI in a secured profile (hipaa compliant...), but can elect not to enter any info. The users will ...more »

Submitted by

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

HIPAA E-Signature Compliance

We are developing an iOS App that will be used by a collaborative group of agencies that provide care services to members of the community. Most agencies are Medicaid paid related but the cooperative includes non-healthcare community agencies that are 'referral partners'. If a member of a participating agency engages a member of the community that needs some form of care, the agency uses our App to complete a Referral ...more »

Submitted by

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

When does a Patient Record(PR) become realized?

The topic came up in a planning session around the point in time when a PR becomes a PR. Let's say we are writing an app for first responders. If the user collects name, date of birth, and vital signs. Does the PR become legally protected as soon as the First name is collected, or is there some threshold of data size(fields, values, etc.) that indicates that the PR has been created in legal terms for HIPPA protection? ...more »

Submitted by

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

New to Hippa

Can someone assist me? We are working with a client of ours who would like us to create a billing application that will be a web based system. It will deal with patient and insurance carrier data. Where do we start? What do we need to do when building the about? Technical? What do we need to do from administration side? We will be dealing with UB-04 for billing.

Submitted by

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Audit logging requirements for secure messaging

We have implemented a secure text messaging service for our application. It is quite possible that our customers will communicate ePHI to us using this secure service. Are we required to audit log all messages along with who read the message just in case some of the messages may have ePHI in them?

Submitted by

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

HIPAA and FHIR

The introduction of FHIR to the 2015 CEHRT has opened the door for 3rd party applications to receive patient health information directly from an EHR without an agreement in place between the health care provider or the EHR vendor. Even though the patient has selected it, shouldn't the 3rd party app be responsible for the protection of the patient's health information and be held to the same standards as the EHR vendor? ...more »

Submitted by

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Must a mobile app PHR be password protected

A covered entity provides test results to patients through a Patient Mobile App or a Website. Patients must request access and data is transmitted securely. Once the patient has custody of the PHI (as a downloaded report on the website, or as received data on the mobile device, is the Covered Entity responsible if the patient loses their own data? Is it required, for example, that the Mobile App be password protected? ...more »

Submitted by

Voting

0 votes
0 up votes
0 down votes

Developers and HIPAA

HIPAA Requirements for data cabling

I am looking to find a HIPAA regulation that tells me whether or not a healthcare facility needs to have all TIA/EIA-568-B certified data cables. I know this would fall under data integrity, but I cannot find where in HIPAA that it states that best practice or industry standards must be met.

Submitted by

Voting

1 vote
1 up votes
0 down votes