
Developers and HIPAA

Who can participate in an OHCA

We have created an IPA [independent practice association] in which providers (covered entities) and non-providers such as soup kitchens, homelessness prevention and employment services have identified a shared population and are coming together to care for patients and share information.



What we are trying to understand is if all the members of the IPA agree to use the same EHR for the same shared group of patients...

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Medical Device Data

Scenario 1: Manufacturer makes an implantable device that collects data from the patient in order to function as intended. This data is uploaded automatically to servers of the manufacturer. As part of the device's design, a platform processes the raw data and sends the processed data to the physician. No analysis or clinical conclusions are conducted on the raw data--it is organized into a readable format for the physician...

Voting

3 votes
3 up votes
0 down votes

Developers and HIPAA

Cloud Software to track employees during the COVID-19 Pandemic

My company is developing a SaaS that will help companies to track their employees during the COVID-19 outbreak and will enable their staff to clear which employees will return to work and which ones won't due to COVID-19 symptoms, also will provide a dashboard to management staff to know which teams will fall short (and for how long) due to quarantine.

The software will collect questions about the COVID-19 symptoms...

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Web Based Portal HIPAA Requirements

If a DME supplier, vitamin supplier, text reminder application, auto payment system for patient accounts, or a website management company collects PHI data via a web portal, are they considered a Business Associate? For example, the company has created a web portal or downloadable software application that requires internet access, with fields that collect data, and that data helps the provider manage patient custom...

Voting

3 votes
3 up votes
0 down votes

Developers and HIPAA

BAA and CI/CD tools - application source code that handles PHI

Many third-party tools exist for Continuous Integration and Continuous Development (CI/CD). While an organization may maintain a BAA with their public cloud provider, many of these third-party tools do not offer, nor will they engage in, a BAA with customers.
Is a BAA required for the use of these tools, specifically when these tools are handling the compiling, build pipelines for code sources and virtualization container...

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Does remote access Healthcare provider require HIPAA compliance

We provide support to a healthcare provider while accessing server and clients.

The healthcare server DB stores ePHI (Only medical record number).

As part of our support we are potentially exposed to the mentioned ePHI.

We do not extract ePHI nor download locally.

The question is:

Do we need to be HIPAA compliant?

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

HTTPS Communication for HIPAA Compliant API

Hi,

We are trying to send medical data from clinics to an Amazon S3 service via an https connection (using an API). The S3 is configured with a policy for complying with HIPAA guidelines. The question I have is - If https communication to S3 is implemented with complying encryption standards, is the solution to transport data HIPAA compliant?

Regards,

Nitin

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Are all cookies considered identifiable?

One of our physicians requested the use of a website which requires a patient to create an account, then the physician can add medical information about that individual, so the individual can then filter an e-commerce platform to make purchases that are consistent with their medical conditions. As we would be offering the service to patients and uploading the PHI, this would fall under a business associate relationship....

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Wearables provided by covered entity

I believe this question is covered in the developer guidance (page 3), but as this document is 3+ years old, I was trying to determine if further guidance is available or if anything has changed with the decisions.

We provide patient monitoring services to covered entities and enter into contracts/BAAs with them. One of these physicians is interested in providing a wearable tracker to his patients - the wearable would...

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Provisioning access to medical applications for employees

Having a hard time finding clarity on cloning access in medical applications. This is an internal question to an organization. If I create an application for users that contains a lot of PHI, am I allowed to use cloning to give access to the users? For example, if a user is a pharmacist and another pharmacist in a different pharmacy requests access, can I give them the option on the request form to clone the other...

Voting

1 vote
1 up votes
0 down votes