Developers and HIPAA

Web app records meds, but not identifiable to patient.

I'm working on a free web application for use by healthcare providers that tracks the usage of antibiotics. I intend to make the application available to anyone as a tool without entering into any formal agreements. The tool would track such information as: facility census, medication name, dosage, date given, etc. patient age, gender, height, weight, etc. The tool would NOT use identifying information such as name, ...more »

Submitted by
Add your comment

Who are your customers? Check all that apply : Health plans or health care providers

What is your organization? : Not for profit, Developer working on homegrown apps within a health care setting, Software developer not specific to health care

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Health Information Systems and HIPAA Compliance

We're a non profit organisation seeking to deploy an open-source health management application for use. We classify as a Business Associate as we provide services for a health care provider under HIPAA. We urgently need to know what exactly are the requirements a health information system needs to meet in order to satisfy HIPAA. It would be helpful to know if there's some document or checklist to work with. We'd also ...more »

Submitted by
Add your comment

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor)

What is your organization? : Developer of Mhealth apps (not mobile medical apps), Developer working on homegrown apps within a health care setting, EHR vendor

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

'Medical Info' field in attendance mobile app

We are working on a mobile app that tracks attendance for fitness instructors/martial arts schools. Instructors can create classes and save their students in them. Part of the data entered for a student includes a field called Med Info, which would be along the sorts "Has asthma" or "Allergic to peanuts" just to give general examples. This is done so instructors can be prepared and aware of any health conditions with ...more »

Submitted by
Add your comment

Who are your customers? Check all that apply : General Public

What is your organization? : Software developer not specific to health care

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

'Medical Info' field in attendance mobile app

We are working on a mobile app that tracks attendance for fitness instructors/martial arts schools. Instructors can create classes and save their students in them. Part of the data entered for a student includes a field called Med Info, which would be along the sorts "Has asthma" or "Allergic to peanuts" just to give general examples. This is done so instructors can be prepared and aware of any health conditions with ...more »

Submitted by
Add your comment

Who are your customers? Check all that apply : General Public

What is your organization? : Software developer not specific to health care

Voting

1 vote
1 up votes
0 down votes

Developers and HIPAA

Does the name of a Health Insurance company constitute PHI?

Does having identifiable information of a person and the name of the health insurance company they are enrolled in (or name of other covered entity) constitute a PHI record? 1. Would a text message sent to an individual that includes the name of their health insurance company (but no other health information) be subject to HIPAA regulations? 2. Would a text message sent to an individual that includes the name of their ...more »

Submitted by
Add your comment

Who are your customers? Check all that apply : Health plans or health care providers

What is your organization? : Not for profit

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Does the name of a Health Insurance company constitute PHI?

Does having identifiable information of a person and the name of the health insurance company they are enrolled in (or name of other covered entity) constitute a PHI record? 1. Would a text message sent to an individual that includes the name of their health insurance company (but no other health information) be subject to HIPAA regulations? 2. Would a text message sent to an individual that includes the name of their ...more »

Submitted by
Add your comment

Who are your customers? Check all that apply : Health plans or health care providers

What is your organization? : Not for profit

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Offshore development and customer support

Does HIPAA have any restrictions on offshore development and/or customer support functions if the parent company is based in U.S. and/or if the foreign entity is owned and/or controlled by an entity based in U.S.?

Submitted by
1 comment

Who are your customers? Check all that apply : Patients/Individuals/Consumers

What is your organization? : Software developer not specific to health care

Voting

1 vote
1 up votes
0 down votes
Answered Questions

Developers and HIPAA

Data Recording

I am a student creating an app for school project. I was wondering if I have to be HIPAA compliant. I am creating an app, where diabetics can store their glucose and calculate insulin dosage. None of the information will be sent to hospitals or physicians. How would HIPAA work in this case? Thank you ahead.

Submitted by
Add your comment

Who are your customers? Check all that apply : General Public

What is your organization? : Other

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Scanning and Penetration Testing

Do entities need to run internal and external vulnerability scanning be HIPAA compliant? Do entities have to run penetration tests to ensure compliance? Reading ยง164.312(e)(2)(i) it seems that 'security measures' could include these tests, but does not specify a requirement for it. Additionally, a risk analysis could identify that these services would help to reduce the risk, threats and vulnerabilities in-scope systems, ...more »

Submitted by
Add your comment

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Health plans or health care providers

What is your organization? : Attorney/other compliance consultant

Voting

2 votes
2 up votes
0 down votes

Developers and HIPAA

Chat requirements

Are there any specific requirements that we should keep in mind when putting together a solution to provide PHI to a customer via a chat channel? Would it even be feasible? Assuming customer is identified (previously registered or asked to provide dob or some personal information

 

Thanks

Submitted by
1 comment

Who are your customers? Check all that apply : Patients/Individuals/Consumers

What is your organization? : Developer working on homegrown apps within a health care setting

Voting

4 votes
4 up votes
0 down votes

Developers and HIPAA

Text messaging and HIPAA

There is currently a lack of clarity about whether patient consent to communicate via (unencrypted) SMS is adequate to protect covered entities from HIPAA concerns. HHS (and medical research) has released data supported use of non-encrypted SMS, given its high accessibility to patients and its efficacy in achieving behavior change (e.g. medication compliance, smoking cessation). Many covered entitites feel that this ...more »

Submitted by
15 comments

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), General Public, Health plans or health care providers, Patients/Individuals/Consumers

What is your organization? : Health care provider or health plan, Not for profit, Developer working on homegrown apps within a health care setting

Voting

20 votes
20 up votes
0 down votes

Developers and HIPAA

HIPAA Compliant Forms

I am in the process of working with a hospital that is using a marketing software product to integrate forms into a new website project. We have recently got into the discussion regarding HIPAA compliance. It turns out the product's forms are not HIPAA compliant. With that being said the information being captured by these forms on the site are not intended to be capturing medical information. The purpose of these forms ...more »

Submitted by
3 comments

Who are your customers? Check all that apply : General Public, Patients/Individuals/Consumers

What is your organization? : Small company

Voting

4 votes
4 up votes
0 down votes